On September 4, 2023, during the attack on the online casino Stake.com, hackers managed to steal cryptocurrency from the Ethereum, MATIC, and BNB Chain (formerly Binance Smart Chain) networks, amounting to over $41 million.
A portion of the funds stolen from the Ethereum network was initially directed to addresses believed to be associated with the Lazarus Group and included in the U.S. Office of Foreign Assets Control (OFAC) sanctions lists. Subsequently, the funds were transferred to two addresses:
Afterward, the funds were distributed across various addresses
and routed to THORChain, where 'chain-hopping'
occurred - exchanging from the Ethereum (ETH) network to Bitcoin (BTC).
Some of the funds were directed to the decentralized cryptocurrency exchange aggregator, 1inch Network. Using it, ETH was exchanged for the ERC-20 standard USDT stablecoin, which was then transferred to THORChain. Through the cross-chain bridge, USDT was converted into BTC. One of the Bitcoin addresses of the recipients, for example, is the address bc1q6z6y8e335wd3ys5zr0qvqpgztw359w0e9zlpgm
(see figure 1).