Nation-State Attacks on Crypto Casinos: How Lazarus Group Stole $41M from Stake.com
In September 2023, the FBI confirmed that North Korea's Lazarus Group — a state-sponsored hacking unit — stole $41 million from crypto gambling platform Stake.com by compromising the private keys used to authorise cryptocurrency transactions. Nation-state actors now treat crypto casinos as legitimate financial targets equivalent to banks.
Lazarus Group (North Korea) stole $41M from Stake.com in a single attack.
How the Stake.com Attack Worked
The Lazarus Group attack on Stake.com targeted the private keys controlling the platform's cryptocurrency hot wallets. Once they obtained the keys — likely through a combination of social engineering and malware targeting the devices of key personnel — they had the ability to authorise transactions indistinguishable from legitimate ones. $41 million was drained across multiple transactions before detection.
Why Crypto Casinos Are Nation-State Targets
Lazarus Group uses cybercrime to generate foreign currency for the North Korean regime. Crypto casinos represent an attractive target: large hot wallet balances for operational liquidity, cryptocurrency that can be laundered through DeFi protocols, and often weaker security than equivalent fiat financial institutions. The group has stolen an estimated $3 billion in cryptocurrency since 2017.
Frequently Asked Questions
Can a small crypto casino be targeted by nation-state actors?
Yes. Lazarus Group targets based on potential financial return, not operator size. Any platform holding significant cryptocurrency hot wallet balances is a potential target.
How do we protect private keys from theft?
Hardware security modules (HSMs) for key storage, multi-signature requirements for large transactions, air-gapped signing devices, and strict operational security around the personnel who manage keys.
Discuss crypto casino security with our team
Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
Get in touchReady to secure your iGaming operation?
MGA-licensed operators across Malta trust Kyanite Blue.