Delve into the world of high-tech hackers and CasinoWow's overlook of North Korean conspiracies and discover how it cost Stake Casino $41 million.
Many of us remember watching films like the Ocean's franchise in the early 2000s. In these films, a team of sophisticated rogues uses their skills to infiltrate Las Vegas and steal from a mobster-affiliated casino and resort.
The story is told from an anti-hero perspective, where we root for the thieves. Yes, they’re criminals, but they’re not bad guys. The ones being robbed are the truly nefarious characters in this tale of clever plans and bright smiles.
The modern-day reality of headline-grabbing heists is that they have more to do with shows like Hackers and Mr Robot. Here, the thieves are tech geniuses who wield keystrokes like swords and use high-speed internet connections as their getaway vehicles.
The modern-day reality of headline-grabbing heists and what happened at Stake Casino
The story of a brazen hack that saw online casino giant Stake.com lose $41 million and how it has been linked to the government of North Korea.
Oceans 101010: The cyber edition
4 September 2023 was just another Monday at the Stake company. Players enjoyed a wide range of crypto casino games and sports betting events, and Stake Casino customer support was on hand to answer any questions.
They didn’t realise that the infamous Lazarus Group, a North Korean cybercrime organisation , was about to pull off one of the largest cryptocurrency heists the online casino and sports betting world had ever seen.
While we do not know how many members of BlueNoroff, the financial crimes sector of the Lazarus Group, were directly involved in the hack, they do boast more than 1700 highly skilled members.
In less than three hours, this group stole approximately $41 million from the Stake Group , accessing several hot wallets to do so. Shockingly, it would take more than four hours for a company focused on blockchain and crypto technology to act on the robbery, despite Ed Craven, the company’s co-founder, claiming an internal memo notified them within 20 minutes of first unauthorised transactions taking place.
The full story behind Stake Casino's cyber attack and how it all happened
Not the average smash-and-grab
Once the hackers had accessed the company’s backend servers, they had free reign over financial systems, crypto accounts, and other sensitive data.
Here is a breakdown of what was stolen from Stake :
Into the breach : The initial hack gave them access to Stake.com’s Ethereum hot wallet . Here, they stole just shy of $16 million in a variety of digital assets, including 3,900,000 USDT, 1,100,000 USDC, 900,000 DAI and 6,001 ETH.
A breakdown of the initial hack and what the hackers stole from Stake Casino.
One hour later : After rooting around in the company’s servers, the hackers were able to gain access to the crypto casino and sports betting provider’s Binance Smart Chain accounts , where they stole another $26 million in decentralised tokens and stablecoins, including 83,900,000,000 SHIB, 7,350,000 BSC-USD, 1,800,000 USDC, 1,300,000 BUSD, 300,000 MATIC, 40,000 LINK, 12,000 BNB and 2,300 ETH.
Binance Smart Chain Accounts Thefts Breakdown
One last taste : Finally, they reached into the cookie jar one more time and snapped up a grab bag of DAI, MATIC, USDT and USDC tokens worth approximately another $7.8 million before silently drifting into the shadows, having secured a total of $41 million virtual currencies .
Of course, we also contacted Stake Casino for a comment on the occurrences. However, they refused to comment, and we can understand why this is a sensitive topic for them.
How did the Lazarus Group breach Stake?
Given that the safety and security of the blockchain are among the primary selling points when gamblers are presented with the option to join a crypto casino , we have to ask how these North Korean hackers were able to breach such a secure system.
The fact of the matter is that they employed what is known as social engineering. This is a practice of attacking the weakest part of any technology-based system, the people who use it.
The Lazarus Group did not hack the blockchain itself; instead, they gained access to the Stake servers and network by stealing the user accounts and passwords of those who worked there.
Their exact method has not been confirmed, but worldwide system engineers and white-hat hackers — those who use their powers for good, not evil — have agreed the most likely tools would be phishing scams and malware embedded in emails and downloadable content hosted on unsecured websites.
In a post-mortem of the event, Ed Craven claimed that two casino games had been “impacted by a malicious component.” However, the broader security community has not supported this , some seeing it as a way to divert attention away from human error.
The simplest way to secure your crypto assets from this type of breach is not to access the public internet when working with your wallets or crypto exchanges, never give out your password (in writing or spoken out loud), and never click on email or message links on any device that you use for crypto-related business.
How did the Lazarus Group deal with the money?
Even hackers need to launder their money
If you’ve ever watched shows like Good Girls, Ozark, or Breaking Bad you know that laundering ‘dirty money’ is one of the biggest challenges facing criminals. Despite the high-tech nature of this crypto heist, the hackers faced the same challenge - making stolen crypto disappear so it could be used without attracting negative attention.
Here are the steps the Lazarus Group followed to achieve this:
Kucoin
They use a Russian exchange called Kucoin, which is known for processing illegally obtained digital assets without asking any questions.
Conversion
They convert all stable coins (USDT and USDC), managed by centralised companies, into decentralised cryptocurrencies like Ethereum (ETH) to avoid having the stablecoins frozen.
Second Conversion
They then converted the ETH into MATIC, which they converted into AVA, which was finally exchanged for BTC.
The main problem with making the cryptocurrencies from this online casino robbery vanish is that the blockchain is an open-source platform that allows anyone with a simple toolset to track how tokens are moved to and from various wallets with 100% accuracy.
The most common way to vanish of the grid is to send funds to cold wallets . These crypto wallets are not linked to the internet and usually comprise a physical device that can be sold or exchanged for goods based on their proven value.
Who says crime doesn't pay?
While tracking the various accounts used by the hackers to launder their ill-gotten gains, the law enforcement cyber divisions were notified that one of the receiving accounts was linked to at least two other recent, high-profile cyber crimes:
CoinEx : The Hong Kong exchange had just been hit for around $54 million in various cryptocurrencies. The stolen CoinEx tokens and Stake coins were collected by the same anonymous wallet, linking the Lazarus Group to both heists.
Atomic : The same group targeted this crypto wallet provider less than a month before the Stake robbery. Using the same social engineering tricks, the hackers managed to steal around $36 million in digital assets.
These three heists, which have been directly linked to the Lazarus Group, proved that they had stolen around $131 million in less than 30 days .
While getting access to the money from these Bitcoin casino heists has its challenges when you realise how much money is on the line, the idea that “crime doesn’t pay” makes you revisit a lot of your grandmother's old-time wisdom.
The crypto heist conspiracy theories
Whenever something outlandish occurs, such as sidling into the inner workings of Stake Casino and slipping away with over forty million dollars, the internet explodes with wild ideas and conspiracy theories .
The top 3 theories surrounding this heist and the Lazarus Group are:
Stake set up a massive rug pull
One of the early responses to the theft was that Stake’s owners had set up and executed the theft to steal millions from their customers without anyone knowing. The reasons for this varied from simple greed to averting prying eyes from greater problems in the business. Ultimately, tracing the funds to a known Lazarus Group wallet put an end to this crazy theory.
The heist was actually an inside job
Rather than the Lazarus Group having had to social engineer access to the Stake network it was theorised that a disgruntled employee was in on the scam. The evidence for this was flimsy, noting things like how easily they navigated internal systems and being able to cherry-pick high-value holding accounts. Based on the size and known skills of the hackers, this theory didn’t bear any fruit and soon petered out.
North Korea’s answer to Robin Hood
North Korea is an isolated country with an economy that financial experts label ‘repressed’. Despite sitting on a wealth of natural minerals, it is the lowest-ranked economy in Asia-Pacific, coming in 39th out of 39 regions. However, thanks to recently released FBI files and access to their Most Wanted list, we know that three prominent Lazarus Group members are North Korean citizens . It is also a well-documented fact that only North Korean political families, top-scoring university students, and members of the country’s ‘cyber warfare units’ are allowed access to the internet.
With statements by Yahoo Finance and other reputable publications that the hackers have stolen approximately $3.4 billion in crypto heists since 2007, there is a widely held theory that Kim Jong Un uses them as a cyber black ops team to support the heavily underfunded government .
This would make them the nation’s heroes and explain why they have the freedoms, technology, and online access they do in a country known to be viciously restrictive.
If it is true, it also means that in the years to come, we can expect to see even more online casinos, Bitcoin wallets, and crypto exchanges being hacked. However, this theory is also not confirmed and cannot be fully trusted. For now, all we know is that crypto casinos are safe, despite what happened to Skake Casino.
The Global Outage and its impact
The expert opinion - What more do we need to know?
We at CasinoWow spoke to Emil Stojnovsky, Product Lead of Ambire Wallet , who has a professional overlook of how the crypto world works. Happily, we got to learn more about the expert's opinion on the topic. Here is our talk:
CasinoWow: Is there anything that we need to tell players about their safety when it comes to cryptocurrencies?
Emil: Not your keys - not your money. The revolution of the blockchain is that it enables each person/organisation to be responsible for the custody of their assets (self-custody). This is where the value of Bitcoin and Ethereum, respectively, comes from. This is the so-called decentralisation, in which there is no need for a centralised authority to take care of the assets of its clients. And right here, the dissonance for me is how people and organisations using crypto do not take advantage of the main property of crypto that gives it value and entrust their assets to centralised (custodial) platforms (exchanges, casino platforms and others).
By entrusting one's assets to a centralised platform, one must know that one is actually taking one's assets off the blockchain network and transferring them to a centralised database. This database is as secure as the security policy of the company operating the platform. That is, it can already be said that the assets available to the client are not crypto. Or, to put it another way, if you don't have the key (private key) of the address to which you sent the money and you didn't generate it, and someone else has it/knows, those assets are no longer yours .
Accordingly, the customer must trust that these keys are kept properly and used properly. As we know, such keys should not be stored on devices with a direct connection to the Internet because the possibility of being taken/hacked is very high. Platforms that have thousands of customers and instant access to crypto simply cannot implement this without the keys to manage their crypto addresses sitting on devices with internet access. Which automatically means they become interesting for hackers . Even if this is not the case, let's assume that there are people who manage the hot wallets, can we count that these people will not somehow use these assets to which they have access.
CasinoWow: One of the most discussed topics in the crypto world right now is Account Abstraction (AA). Can you enlighten us on the topic?
Emil: At the moment, we know that each address is controlled by a private key, and to take action with a certain address, you need to sign the action with that key. If you lose this key, you also lose the assets of the corresponding address . This key is not like your Google or online banking password. You can't call the bank and ask them to restore your access. Also, this key cannot be changed. It's not like changing your email password. Because if you change your key here, it's like changing your email address. This is exactly where AA comes in with the concept of making blockchain users' addresses programmable (Smart Contract - Ethereum), that is, each address (wallet) has a programming logic that allows the client, under certain conditions, to be able to change or restore access to the address. To sign with several signatures - for example, phone + computer. Or access with email + password or Google login, fully preserving self-custody.
A good example of such a casino type platform is Polymarket. I think they use a Safe wallet - there are currently over 70 billion in Safe wallets and they have never been hacked! For each of their clients they create an individual wallet that only the client can access. Accordingly, with each bet, the customer must sign a message from his wallet that he allows his money to be used for the desired bet.
Increasing digital threats: The impact of global IT outages on casinos and betting Sites
The recent global IT outage, July 19, 2024, which disrupted various betting sites, broadcasting services, casinos, and retail operations, has shed light on the increasing vulnerabilities within the digital infrastructure of these industries.
Major brands like Ladbrokes and Coral experienced significant downtime due to this software update issue, illustrating how even routine updates can lead to widespread service interruptions.
Online casinos , in particular, are at a heightened risk due to their reliance on complex IT systems for operations, security, and customer management. The outage serves as a stark reminder of the potential risks and the importance of robust cybersecurity measures. Although the Stake Casino hack last year was a direct cyberattack, it exemplifies the broader threat landscape that all online gaming and betting platforms face. Such incidents can severely impact the operational integrity and reputation of these businesses, leading to financial losses and a decline in customer trust.
With the increasing sophistication of cyber threats and the integral role of technology in modern casinos, it is crucial for these establishments to invest in advanced security protocols and contingency plans . The recent outage could be a precursor to more targeted attacks, and it emphasises the need for continuous monitoring and updating of IT systems to safeguard against both technical failures and malicious activities.
As the digital environment evolves, the threat to casinos and betting sites becomes more pronounced. Operators must remain vigilant , learning from these incidents to bolster their defences and ensure uninterrupted service. Future disruptions could reveal more vulnerabilities, and proactive measures are essential to mitigate potential threats. The industry must adapt quickly to these challenges, prioritising cybersecurity to protect their operations and customers from the growing array of digital risks. Players should also be careful and protect their accounts in online casinos.
Choose your crypto casino and wallet wisely
While researching these cases, we were struck by the importance of vetting who you join. In the cases of Stake Casino and CoinEx, the company bore the burden of the loss.
Stake confirmed that its holding assets were stolen, and all user accounts remained secure. CoinEx took it a step further by publicly announcing that should it come to light that users had lost any crypto directly, they would guarantee all losses.
Atomic, however, failed to uphold its duty of care and declared that despite the breach of its system, any user losses were solely the responsibility of the individual. This negligent stance ultimately led to a class action lawsuit, in which they were sued for, among other things, their failure to inform users when the breach occurred and their failure to involve the authorities when it became clear they and their customers had been robbed.
These diametrically opposed views on customer safety and their responsibilities as service providers would make anyone feel safe and secure in choosing Stake as a crypto casino and CoinEx as an exchange. CasinoWow is also here to remind you to always be careful when playing at online casinos , whether it’s in fiat, crypto or hybrid casinos of choice.
Today, Stake Casino has risen stronger than ever and continues to provide great crypto and gambling experience to its players. Such attacks are a truly unfortunate thing to happen to any online platform, but how you face that afterwards says a lot about you as a company.