Lazarus Group outed
A North Korean state-sponsored hacking group was behind the casino exploit that resulted in the theft of more than $41m, according to the FBI.
The FBI has confirmed it identified the infamous Lazarus Group as the cyber organization that stole the money from Stake, an online casino and betting website.
The money was moved to 33 different cryptocurrency accounts
The FBI said that North Korean cyber actors moved the stolen funds from Ethereum, Binance Smart Chain (BSC), and Polygon networks last week. The money was moved to 33 different cryptocurrency accounts.
What happened?
On September 4, Stake confirmed on X that unauthorized transactions had taken place from its hot wallets. In a message to its 261,000 followers, the casino site said that while an investigation was underway, all “users’ funds were safe.”
Following the private key leak, Stake said that it had resumed all services and issued an “emergency compensation refund” for users who lost cash during the exploit to help restore “market sentiment.”
At the time of the hack, Stake’s co-founder Ed Craven reassured users that his company keeps a small amount of crypto reserves in its hot wallets for these types of situations.
A busy 2023
According to the FBI, North Korean cyber actors have stolen more than $200m so far in 2023. This includes around $60m of cryptocurrency from payment providers Alphapo and CoinsPaid, in addition to approximately $100m of virtual currency from crypto wallet Atomic Wallet.
using illegal measures to generate funds for the country
The FBI has said that it will continue to monitor the movements of North Korean hackers who are using illegal measures to generate funds for the country.
Speaking of the hack on Stake, Craven said that it was a “sophisticated breach,” but while “the loss of funds is by no means a trivial amount” … “this attack has not materially affected Stake’s operations.”