Following the $41 million hack suffered by the crypto casino Stake, hackers have made another move, transferring approximately $328,000 worth of Polygon (MATIC) and Binance Coin (BNB) tokens. These actions come in the wake of their initial exploit on September 4, according to blockchain security firm CertiK.
In the most recent transfer, 300 BNB tokens, valued at around $61,500, were sent to the externally owned address “0x695...” on September 11 at 4:09 PM UTC. These tokens were subsequently bridged to the Avalanche blockchain.
Furthermore, 520,000 MATIC tokens, worth over $266,000, were also transferred to Avalanche around seven hours prior to the BNB transfer. In addition to this, $4.5 million of stolen funds had been bridged to the Bitcoin blockchain on September 7, as reported by blockchain security firm Arkham.
A CertiK spokesperson clarified that the hackers were using Avalanche to bridge the stolen funds into Bitcoin wallets:
“The stolen funds will eventually be bridged to BTC. They are using Avalanche Bridge to bridge stolen funds to BTC wallets.”
However, it's important to note that the $4.8 million transferred represents only a fraction, specifically 1.2%, of the total $41 million stolen by the hackers. It was revealed that the hackers obtained the private keys of Stake's Binance Smart Chain and Ethereum hot wallets on September 4, which allowed them to carry out the attacks.
The FBI has indicated that it believes North Korea's Lazarus Group is responsible for this attack. The incident further contributes to the escalating losses in the cryptocurrency space, with hacks and scams amounting to well over $1 billion in 2023.
CertiK had previously reported this figure at $997 million by the end of August. However, several attacks over the past couple of weeks have pushed this number beyond the $1 billion mark. These incidents include a phishing attack on September 6 that caused crypto whales to lose $24 million in staked Ethereum (ETH), and on September 9, hackers compromised Vitalik Buterin's X (formerly Twitter) account, subsequently luring several victims into a non-fungible token scam totaling $691,000.
Taken together, these three incidents alone are expected to raise CertiK's figure for losses in September to at least $1.04 billion. Other recent incidents include the Pepe, The Coin withdrawal incident, which cost investors $13.2 million, the Exactly Protocol vulnerability that led to $7.3 million in losses, and the security flaw exposed on Balancer, which resulted in $2.1 million in losses.
