FBI Suspects North Korea Behind $41 Million Stake Cryptocurrency Hack

The FBI has identified the North Korean Lazarus Group as the masterminds behind the recent $41 million hack of the popular crypto gambling site Stake. North Korea is an isolated state led by a dictatorship that rigidly controls its population and economy while pursuing nuclear weapons.

The FBI's extensive investigation into the cyberattack, announced on September 7, has shed light on the group's history of cybercrimes of the North Korean Group and underscored the urgency for heightened security measures within the cryptocurrency industry.

Stake Hack

On September 4, Stake, a prominent cryptocurrency gambling platform, fell victim to a massive cyberattack, resulting in the theft of a staggering $41 million worth of crypto.

The FBI has attributed the recent high-profile cryptocurrency exchange hack to the Lazarus Group, a notorious cybercrime syndicate with ties to North Korea's intelligence agencies. This brazen heist is just the latest in a string of audacious cyberattacks conducted by the Lazarus Group to pilfer digital assets and fund North Korea's weapons programs.

Lazarus Group is also responsible for the CoinEx hack according to analytics. Source: Elliptic

The tactics continue to evolve as Lazarus Group targets exchanges and investors around the world, raising concerns among law enforcement and cybersecurity experts worldwide. Though North Korea officially denies any involvement with cyber operations, the FBI and other agencies have gathered substantial evidence linking the Lazarus Group to Pyongyang.

This latest heist further cements the gang's reputation as one of the most capable and prolific cybercriminal organizations operating today. As a response to the threat posed by the Lazarus Group, the FBI issued a set of recommendations for the crypto industry, urging caution and heightened vigilance.

Background on Stake Hack

Stake is a well-known crypto gambling platform that offers a range of casino games and sports betting options to its users. Originally founded in 2017 by entrepreneurs Ed Craven and Bijan Tehrani, Stake.com has quickly grown into an international brand with offices and staff around the world.

In December 2021, Stake.com expanded its operations to the UK through a strategic partnership with TGP Europe. This allowed the company to bring its innovative gaming platform to new markets. While Stake.com faced a high-profile lawsuit in June 2023 from an individual claimant, the case was ultimately dismissed in court for jurisdictional reasons. Stake.com maintains that the allegations were without merit.

On September 4th, 2023 Stake experienced a devastating cyberattack, which exploited vulnerabilities in its security infrastructure. The hackers successfully siphoned off a staggering $41 million in cryptocurrency from Stake's hot wallets, sending shockwaves throughout the crypto community.

After the recent security breach, Stake responded promptly to address users' concerns. They emphasized that the amount stolen was minor compared to their total assets under management. Most importantly, they assured users that the incident would not negatively impact their accounts or investments

FBI's Announcement

The FBI's announcement on September 7 served as a wake-up call to the crypto industry, revealing the extent of the Lazarus Group's activities. Disturbingly, the FBI's investigation also unveiled the Lazarus Group's involvement in a series of high-value cyber heists, amassing over $200 million in 2023 alone. The FBI divulged the specific addresses where the stolen funds are currently held, spanning multiple cryptocurrencies including bitcoin, ether, BNB Smart Chain and Polygon.

In response to the incident, the FBI has issued a stark recommendation to all crypto protocols and businesses to scrutinize the addresses linked to the hack and exercise utmost caution in transactions. The FBI urged industry leaders to thoroughly review their previously released Cyber Security Advisory on TraderTraitor for comprehensive guidance on safeguarding against such threats.

TraderTraitor refers to a set of malicious apps built with Electron, an open-source framework for creating cross-platform desktop applications using JavaScript, HTML and CSS. The apps run on Node.js, a popular runtime environment for JavaScript.

The creators of TraderTraitor developed malware using common web development tools that were able to infect multiple operating systems. The FBI warned against any transactions involving or related to the hacked cryptocurrency wallet addresses associated with the stolen funds.

Other Hacks Attributed to Lazarus Group in 2023

The Lazarus Group's hacking spree in 2023 included a $65 million theft from AlphaPo, a payment processor, through unauthorized withdrawals of ether, tron and bitcoin on July 23. The incident forced AlphaPo's client HypeDrop to suspend crypto transactions while AlphaPo slowly restored limited functionality.

Another major Lazarus coup was the June exploit of Atomic Wallet, a popular cryptocurrency wallet service, resulting in an estimated $100 million loss. Atomic took their systems offline and advised users to transfer funds during an investigation of the compromise, which impacted both updated and outdated versions of the software.

Elliptic continues to track funds stolen by Lazarus. Source: Korea JoongAng Daily

Lazarus also managed to siphon $37 million from payment processor CoinsPaid through months of phishing and social engineering that exploited employees. The stolen funds were quickly laundered through decentralized exchanges and trading platforms.

Conclusion

As the Lazarus Group is believed to have ties to North Korea, this cyber heist may have broader implications for diplomatic relations between nations, necessitating further international cooperation to combat cybercrime.

This news highlights the persistent cyber risks facing centralized crypto companies despite the rise of decentralized finance. The revelation of the Lazarus Group's involvement in the Stake hack underscores the persistent and evolving threat posed by this highly skilled cybercriminal organization.