The hacker has successfully transferred a substantial $4.8 million in funds, now split between Bitcoin and Avalanche cryptocurrencies.
In the aftermath of the $41 million breach at the cryptocurrency casino Stake, the hackers have executed another significant move, transferring an astonishing $328 million in Polygon and BNB (BNB) tokens. This development comes on the heels of the September 4th security breach and has been confirmed by blockchain security firm CertiK.
The most recent transaction involved 300 BNB tokens valued at approximately $61,500, which were deposited into an externally owned address labeled “0x695…”. These tokens were subsequently bridged to the Avalanche blockchain on September 11th, at precisely 4:09 pm UTC. Additionally, an impressive 520,000 MATIC tokens, worth over $266,000, were moved to Avalanche seven hours earlier, at 7:18 am UTC.
The combination of the 520,000 MATIC tokens and the 300 BNB tokens amounts to an impressive $328,000. These tokens were incorporated into the Bitcoin blockchain as BTC on September 7th, according to reports from blockchain security firm Arkham. However, it’s worth noting that this $4.8 million only represents a modest 1.2% of the total $41 million stolen by the hackers.
The breach involved the hacker gaining access to the private key of Stake’s Binance Smart Chain and Ethereum hot wallets, which allowed them to carry out the attack on September 4th. The United States Federal Bureau of Investigation has attributed this exploit to North Korea’s Lazarus Group.
With the $41 million loss incurred by Stake, the total toll of cryptocurrency hacks and scams in 2023 has surged past the staggering $1 billion mark. CertiK had previously reported the figure at $997 million at the end of August, but recent attacks over the past two weeks have propelled the total beyond the billion-dollar threshold.
In September alone, a prominent cryptocurrency investor lost a staggering $24 million in staked Ether (ETH) due to a phishing attack on September 6th. Additionally, on September 9th, Vitalik Buterin’s X (formerly Twitter) account was compromised, leading to a nonfungible token scam that resulted in losses totaling $691,000 for several victims. These three incidents alone have pushed CertiK’s August figure to a minimum of $1.04 billion.
