Hackers are using online casinos, including the gambling giant Stake, to multiply and attempt to launder their ill-gotten gains, according to account balances, chat logs, and other screenshots obtained by 404 Media. Some people in this wider underground community have accounts worth hundreds of thousands of dollars and have won tens of thousands, according to some of those screenshots.
The news provides insight into what some hackers actually end up doing with cryptocurrency they have stolen, with some people flexing their winnings (or lamenting their losses) in the screenshots. To a lesser extent, the material also shows the potential use of gambling as a cleaning mechanism for the hackers’ stolen cryptocurrency, as risky as that might be.
“You win $60,000,” one screenshot of an online blackjack game shared in a hacking community group chat reads. The player’s balance is shown as more than $360,000. Another screenshot from someone logged into Stake appears to show a balance of more than $110,000 in Ethereum. A gallery of images obtained by 404 Media.
Stake offers a variety of games for people to gamble on, including traditional ones like blackjack, and sports betting too. In September, the FBI attributed a recent theft of $41 million in virtual currency from Stake to North Korean hackers. The company has had relationships with a series of high profile sports teams and athletes and pop stars like Drake.
Some of the hackers using Stake and other online casinos come from The Com (or sometimes known simply as “com”), an overarching term for a community that includes hackers, gamers, and girls who are sometimes groomed by other participants. A section of that is focused on SIM swapping, which are hackers who take over phone numbers in a variety of ways to then, among other things, empty cryptocurrency accounts. As I’ve reported extensively, members have increasingly turned to physical violence too as SIM swapping targets have dried up or as an alternative way to source funds. In court records related to a specific group inside the Com, an FBI agent wrote that members made their money not just by stealing it from others, but also “online gambling.”
“I used to wash money thru stake and rollbit,” one person wrote on Telegram, with Rollbit being another online casino. Direct messages between two individuals obtained by 404 Media also mention “depo’ing u on stake,” or depositing money for others into a Stake account. Other people share screenshots of their Stake panels to flex how much they’ve allegedly gambled over time.
To start gambling, Stake users may need to verify their account by uploading a copy of their ID, in 404 Media's own tests. Fortunately for hackers who don’t want to provide their own identity, some underground sellers offer either pre-verified Stake accounts for sale, or they advertise the ability to verify existing accounts.
One post in a SIM swapper focused Telegram group offers such verifications for $100 each, and says they use real photo IDs.
As users gamble more money through their Stake account, Stake offers more benefits, including a “dedicated VIP host” or the ability to earn passive income on the amounts they bet. In one Telegram post, someone claimed to be offering a Platinum 4 account for sale, which would have required wagers of $2.5 million.
How effective it is to move cryptocurrency through Stake or other online casinos as a laundering mechanism is unclear. Over the past several years, the industry that sells tools to law enforcement for tracing cryptocurrency has only grown in size and sophistication.
Neither Stake or Rollbit responded to multiple requests for comment.