The hackers behind cryptocurrency casino Stake’s $41 million hack have shifted another $328,000 million worth of Polygon (MATIC) and BNB (BNB) tokens — their latest moves following the Sept. 4 exploit, according to blockchain security firm CertiK.
The most recent transfer involved 300 BNB tokens worth about $61,500 to an externally owned address “0x695…” which were then bridged to the Avalanche blockchain on Sept. 11 at 4:09 pm UTC.
Another 520,000 MATIC tokens worth over $266,000 were also moved to Avalanche seven hours earlier at 7:18 am UTC.
#CertiKSkynetAlert
— CertiK Alert (@CertiKAlert) September 11, 2023
We are seeing a further movement of funds from the Stake exploiter.
520k MATIC was swapped and bridged to Avalanche before being bridged to BTC as per other fund movements from the exploiter.
See more on Skynet https://t.co/Sdsfh29AoF
The 520,000 MATIC and 300 BNB — totaling $328,000 — add to the $4.5 million in stolen funds that were bridged to the Bitcoin blockchain (in the form of BTC) on Sept. 7, according to blockchain security firm Arkham.
The total $4.8 million transferred however only represents 1.2% of the total $41 million stolen from the hackers.
Over the past 24 hours, the Hacker has been gradually bridging funds to the BTC Blockchain using a series of new wallets on Polygon and Avalanche.
— Arkham (@ArkhamIntel) September 7, 2023
They have so far bridged $4.5M to BTC addresses, with the remaining $36M still held on ETH/BNB/Polygon. pic.twitter.com/fiMy62ABwL
It is understood the hacker gained access to the private key of Stake’s Binance Smart Chain and Ethereum hot wallets to perpetrate the hack on Sept. 4.
The United States Federal Bureau of Investigation believes North Korea’s Lazarus Group was behind the exploit.
Estimated funds lost from hacks, scams passes $1 billion
With $41 million stripped from Stake, the industry’s malicious actors have now taken the cryptocurrency hacks and scams toll to well over $1 billion in 2023.
CertiK previously reported the figure to be $997 million at the end of August, though several attacks in the last two weeks will push the figure over the $1 billion mark.
Related: CertiK drops findings on alleged scammer who stole $1M in crypto
In September, a cryptocurrency whale lost $24 million in staked Ether (ETH) in a phishing attack on Sept. 6, and Vitalik Buterin’s X (formerly Twitter) account was then compromised on Sept. 9, where the hacker then lured several victims into a nonfungible token scam which totaled $691,000.
The three incidents would take CertiK’s August figure to at least $1.04 billion.
Crypto Hacks And Scams Reach Nearly a Billion Dollars In 2023!
— Interlock (@interlockweb3) September 11, 2023
⚔️ThreatSlayer is your security sidekick that keeps you safe! pic.twitter.com/pZmPCdZzP2
Other recent incidents include Pepe (PEPE) coin’s withdrawal incident, which set back investors $13.2 million, Exactly Protocol’s $7.3 million exploit and an exposed security vulnerability on Balancer, which did $2.1 million in damage.
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story