In a Sep. 6 press release, the Federal Bureau of Investigation (FBI) said North Korea-backed hacker group Lazarus was behind the attack on crypto casino Stake.
Stake reported unauthorized transactions from some of its hot wallets on Sep. 4. Withdrawals and deposits were halted and later resumed, but not before hackers stole $41 million in digital assets.
The FBI, along with multiple blockchain security firms, confirmed that the attackers drained funds from Stake via Ethereum, BNB Chain, and Polygon.
Additionally, federal investigators listed 33 wallets including 22 Bitcoin (BTC) addresses tied to the Stake hack. These addresses either received funds directly from Stake’s hot wallets or were used to siphon illicit gains through various networks.
Security shops Arkham and CertiK both said the hacker bridged funds to Avalanche and then to Bitcoin’s blockchain. At press time, the culprits held $36 million on Ethereum, BNB Chain, and Polygon.
Lazarus Group, also known as APT38, is a band of cyber criminals and hackers supposedly funded by the North Korean government. The organization is said to have stolen almost $2 billion from crypto platforms and digital asset service providers since 2022.
In addition to the Stake hack, authorities said Lazarus also masterminded several high-profile crypto heists including Atomic Wallet’s $100 million exploit, the $100 million attack on Harmony’s Horizon bridge, and over $600 million snatched from Sky Mavis’ Ronin bridge.
The attack on Ronin remains one of the largest exploits of any crypto platform to date.
Lazarus also reportedly stole a combined $97 million from crypto payment processors Alphapo and CoinsPaid.
In August 2022, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned privacy tool Tornado Cash over suspected links to Lazarus. OFAC claimed that Lazarus tapped Tornado Cash to launder hundreds of millions in illicit wealth.