BleepingComputer reports that online cryptocurrency casino Stake.com had $41.3 million stolen following an attack against its hot wallets on Sept. 4, making it one of the largest cryptocurrency heists so far this year.
Attackers were noted by PeckShield and ZachXBT to have stolen $25.6 million in Binance Smart Chain and Polygon, as well as $15.7 million in Ethereum, but Stake, which has already resumed its services, emphasized that user funds and other wallets containing BTC, EOS, XRP, LTC, and TRX were not impacted by the intrusion.
No evidence has been found to attribute the cryptocurrency heist to state-sponsored threat operations, which have been known to exfiltrate significant amounts of cryptocurrency in their attacks, as evidenced by the North Korean Lazarus Group's theft of $60 million, $37.3 million, and $35 million from Alphapo, CoinsPaid, and Atomic Wallet, respectively, between June and July.
Late last month, the FBI also reported that Lazarus Group had transferred $41 million worth of stolen cryptocurrency.
Because PIXHELL requires no specialized audio equipment, threat actors could leverage social engineering and software supply chain attacks to distribute malware that triggers the covert data exfiltration channel, creating an acoustic channel for the data.
Russian state-sponsored threat group Coldriver has been suspected by the Free Russia Foundation of being behind the intrusion, which involved the targeting of several entities to exfiltrate internal documents, grant reports, and other correspondence in retaliation against pro-democracy Russians.
Simultaneous target infiltration and reconnaissance, network compromise, and data exfiltration activities have been performed by Clusters Alpha, Bravo, and Charlie, respectively.