Stake.com hack
About $41M was stolen from the crypto casino Stake.com on September 4, 2023, after attackers obtained access to its hot wallets (ETH, BNB Chain, Polygon). The FBI publicly attributed the theft to North Korea's Lazarus Group (APT38).
Also known as: Stake.com, Stake, Stake hack
Summary
On September 4, 2023, the online casino and betting platform Stake.com lost about $41 million when attackers drained funds from its hot wallets on the Ethereum, BNB Chain, and Polygon networks (roughly $15.7M in ETH and ~$25.6M across BSC/Polygon, per ZachXBT). The cause appeared to be a leaked or stolen hot-wallet private key rather than a contract bug. [1][2]
Attribution
On September 6, 2023, the FBI confirmed the theft and attributed it to the Lazarus Group (APT38), noting the same DPRK actors were responsible for ~$200M+ in 2023 crypto thefts, including Alphapo, CoinsPaid, and Atomic Wallet. The funds were laundered through mixers such as Sinbad/YoMix. [1][2]
Bracketed numbers refer to the numbered sources listed below.
People & entities involved
Sources (2)
See also
- Loci (LOCIcoin)TokensA 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT)TokensA 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT)Tokens
This page was last updated on Jun 8, 2026. View revision history.