North Korea’s Lazarus Group responsible for $41m Stake hack, says FBI

The group, which is also known as APT38, is composed of North Korean cyber actors, according to the FBI.
An investigation undertaken by the agency showed the group had stolen the funds associated with the Ethereum, Binance Smart Chain (BSC), and Polygon networks.
The FBI has published a list of the specific cryptocurrency addresses that funds were directed to on its website.
Lazarus Group has been “responsible for several other high-profile international virtual currency heists,” the FBI added.
In 2023 alone, cyber criminals in North Korea have stolen more than $200m worth of cryptocurrency, it said, including around $60m from Alphapo and CoinsPaid in July, and $100m from Atomic Wallet in June.
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) previously sanctioned the Lazarus Group in 2019.
The FBI further advised private sector entities to review previously issued cybersecurity advice and to be vigilant in guarding against transactions associated with certain addresses.
It also requested anyone with further information to contact their local FBI field office or the FBI’s Internet Crime Complaint Center.
“The FBI will continue to expose and combat the DPRK’s use of illicit activities to generate revenue for the regime, including cybercrime and virtual currency theft,” it concluded.
Stake response
In the post, Craven shared Stake’s preliminary findings on the matter but stressed that investigations are still ongoing.
“Within 20 minutes of the unauthorised transactions occurring, the incident was spotted and reported internally,” he wrote.
The source of the unauthorised activity was identified and containment measures implemented within four hours, he added, before reassuring customers that their personal data remains secure.
Critically, Craven added: “At no stage were any user funds ever compromised. Only a small portion of Stake’s bankroll to support large winning customers was affected.”
Two games affected by the attack remain disabled with the investigation ongoing, he added.
“While such events are rare (especially owing to our advanced security measures in place), they can unfortunately happen to any company regardless of their size,” Craven continued.
“Cyber threats are a real risk in our tech-driven world and are only continuing to grow over time.”
He added that following the attack, several fake accounts on X offered refunds to customers, hiding malicious phishing links and providing fake updates on the matter.
Craven therefore urged users to always follow Stake’s official social media channels for accurate updates.
A more technical breakdown of how the exploit unfolded is expected “in the near future in order to help aid other companies protect against the same type of attack,” he concluded.