Stake.com account drained $178K, need help, looks targeted

[coldcoffeebean]

Hi all,

Long-time Stake VIP, first time posting like this. I don't know what to do anymore and I'm hoping someone here has seen this before.

What happened, in order:

May 5: Two random tips landed on my account from accounts I didn't know. $0.14 LTC and $1 USDT. Looked weird but I ignored it. Same day, a $2,500 USDT affiliate leaderboard payout from sangtarr.com hit my vault (this was legitimate, I'd actually placed). Within hours someone withdrew that $2,500 to a Tron wallet that wasn't mine.

May 5 to May 9: Four days of nothing. I kept playing normally. Hit a couple of NBA sportsbook bets for around $38K in winnings during this window.

May 9, 22:40 UTC: The account was drained. Two consecutive Ethereum withdrawals to the same attacker wallet, 24 seconds apart. First $7,028 USDC. Then $178,450 USDT. Both went to the same address. Drain-to-the-last-decimal amount on the USDT. No fresh 2FA prompt between the two withdrawals.

Looking back at it now, the small tips and the early Tron withdrawal feel like signaling and testing. Someone was watching the account, took a small test withdrawal first, waited four days for my balance to grow with the sportsbook wins, then triggered the main drain.

The destination wallet on Ethereum is currently active and laundering funds in a peel-chain pattern, receiving from multiple sources. I think there's more than one of us.

Stake Recovery sent a template denial citing ToS Section 4.16 and told me to update 2FA before they restore access. No engagement with the on-chain evidence, no engagement with the IP session log showing foreign sessions through M247 Quebec Infrastructure, Cloudflare WARP, and Apple Private Relay. My legitimate access is a single NordVPN Vancouver exit, so every other session in the log is foreign.

Where I am now:

I'm down around $400K lifetime on this account, money I gave Stake fair and square playing over years. Now another $178K is stolen on top of that, and the response from their VIP team is to point me at Section 4.16 of the terms and tell me it's my responsibility.

I believe there have been cases where Stake has worked with users in situations like this. I just can't get my case in front of anyone who can actually make that call. Recovery is a template wall (4.16, update your 2FA, end of conversation). My VIP host hasn't been able to escalate me. I can't reach a senior compliance agent or anyone at a higher VIP level who can look at the evidence and decide on its merits.

If anyone here has pushed past this kind of denial on Stake before, or knows the right contact to actually get a case reviewed properly, please reach out. If you've been drained in a similar way, especially to the same destination wallet on Ethereum, please reply, I think there's more than one of us.

I have the full evidence (transaction hashes, destination wallets, session logs, email correspondence) and I'll share with anyone investigating or affected.

Thank you.

[AHOYBRAUSE]

One thing I totally don’t understand. So the leaderboard payout hit your account and then was withdrawn by somebody that is not you. Yet you didn’t contact support or took any action?? Sounds a bit weird. Also how all of the would be possible without without 2FA is also hard to comprehend.
Guess stake won’t do anything Barbour it since they always say players have to keep their credentials safe. Hope you can get this solved but it doesn’t look good for sure.

[ene1980]

It is really unfortunate, looks like a malware attack on your device to hijack your session and hence Stake did not get any system triggers to block the withdrawal. Check your system thoroughly for malware and change all your passwords.

If you could post the destination wallet, that will be helpful for everyone to check.

One thing I totally don’t understand. So the leaderboard payout hit your account and then was withdrawn by somebody that is not you. Yet you didn’t contact support or took any action?? Sounds a bit weird. Also how all of the would be possible without without 2FA is also hard to comprehend.

It is possible if his sessions were hijacked using a malware.

[coldcoffeebean]

Fair question, let me explain.

The $2,500: this is a high-balance VIP account, $2,500 doesn't catch the eye in real-time. The withdrawal happened at 00:46 UTC on a Sunday while I was asleep, so when I noticed movement on that figure later it looked like the credit had moved, not been stolen. I only connected it to the main drain afterwards.

The 2FA: the two big Ethereum withdrawals on May 9 happened 24 seconds apart with no fresh 2FA between them. That fits session-token hijacking (post-auth cookie theft via infostealer or AitM), which bypasses 2FA entirely because the attacker is already authenticated from the server's view. No password guess, no code intercept needed.

The transactions on chain:
Ethereum, USDC, 7,028.5239: https://etherscan.io/tx/0x05ea14baae1aab8e90187eb3f8131ec2e651dcc275d22ab22bc6d48458613030
Ethereum, USDT, 178,450.272326: https://etherscan.io/tx/0xa7cb9929660f20ffb2321081760822af5b59d44bac6feede6d89f71bb2399641

Both withdrawn from Stake hot wallet 0x974CaA59e49682CdA0AD2bbe82983419A2ECC400 (the same wallet identified as the victim contract in the September 2023 Stake hack attributed to Lazarus Group).

Destination wallet on Ethereum: 0xe0e841e7E07aa8A6b51CADeC7AFB4F298122C0ec
https://etherscan.io/address/0xe0e841e7E07aa8A6b51CADeC7AFB4F298122C0ec

Destination on Tron (for the $2,500 leg): TCY8KDVWBV2vPTK4t8fqYvyJpRjUyAGoPU

The Ethereum destination is currently active. Peel-chain laundering pattern with repeat drain-to-the-decimal amounts (60,025.150538 USDT sent out twice, 7,028.5239 USDC sent out twice). Receiving inflows from multiple sources, not just my account.

If anyone has been drained into this wallet, has tagging on it, or recognizes the pattern, please reply or DM.
Thanks.

[Shishir99]

If I understand correctly, you were hacked by someone from the outside, not by stake employee. It does not fall under the scam accusation against Stake. Since you said that the account was hacked, I assume your other casino/exchange and social media account credentials are not safe as well. You should change the password and terminate all the active sessions from everywhere. I have been hacked before. The chance of getting your funds back is nearly zero.

Just keep tracking the funds and see if they end up in any centralized exchanges. If you can track that, you might have a small chance to report it and get the funds frozen. But you need to start a legal procedure for that. Good luck.

[coldcoffeebean]

If I understand correctly, you were hacked by someone from the outside, not by stake employee. It does not fall under the scam accusation against Stake. Since you said that the account was hacked, I assume your other casino/exchange and social media account credentials are not safe as well. You should change the password and terminate all the active sessions from everywhere. I have been hacked before. The chance of getting your funds back is nearly zero.

Just keep tracking the funds and see if they end up in any centralized exchanges. If you can track that, you might have a small chance to report it and get the funds frozen. But you need to start a legal procedure for that. Good luck.

Thanks for the input. To clarify, I'm not posting under Scam Accusations, this is in Gambling discussion as a community help request and pattern warning, exactly because it's not a scam-against-Stake situation.

The reason I think it's worth public attention: the destination wallet is receiving inflows from multiple sources in a peel-chain laundering pattern, with drain-to-the-last-decimal repeat amounts characteristic of automated tooling. Combined with the same Stake hot wallet that was the victim contract in the September 2023 Lazarus Group hack, the pattern suggests multiple accounts are being targeted, not just mine.

I'm not assuming Stake employees were involved. The two scenarios I'm working with are: (1) coordinated external campaign hitting multiple Stake VIPs through session-token theft or similar, or (2) a deeper authorization-layer issue similar to what was exploited in 2023.

Either way, the right move for any other affected user is to check whether withdrawals from their account went to 0xe0e841e7E07aa8A6b51CADeC7AFB4F298122C0ec. If yes, we're in the same campaign and there's strength in collective evidence.

Already filed police report and freeze requests with Tether and Circle independently.

[ryzaadit]

If anyone has been drained into this wallet, has tagging on it, or recognizes the pattern, please reply or DM.
Thanks.

For what purpose ?

I think, something like these usually your fund is gone. 100% not gonna to back again to the victim, I agree with @AHOYBRAUSE while on the first case should be a warning shots for you and seems @ene1980 giving a goods post too regarding malware.

Either way, the right move for any other affected user is to check whether withdrawals from their account went to 0xe0e841e7E07aa8A6b51CADeC7AFB4F298122C0ec. If yes, we're in the same campaign and there's strength in collective evidence.

Already filed police report and freeze requests with Tether and Circle independently.

Even is somehow you collect a lots evidence, how long actually the fund is being freeze ? the one who did it is not stupid either. Are gonna to make the fund sitting there with such long time on the currency are can freeze. They usually mixer the fund to currency like XMR in the end.

[coldcoffeebean]

To compare evidence and confirm whether multiple Stake accounts are being drained into the same wallet. If yes, it's a coordinated campaign and the collective on-chain pattern (multiple victims, same destination, repeat drain-to-the-decimal amounts, peel-chain laundering) becomes much harder for Stake to dismiss as isolated user-side compromises.

[ryzaadit]

To compare evidence and confirm whether multiple Stake accounts are being drained into the same wallet. If yes, it's a coordinated campaign and the collective on-chain pattern (multiple victims, same destination, repeat drain-to-the-decimal amounts, peel-chain laundering) becomes much harder for Stake to dismiss as isolated user-side compromises.

Stake.com had an accident of leaking data years ago: https://bitcointalk.org/index.php?topic=5568910.0

Basically, because of these tragedies, "Stake.com" user will always getting a target. The success of the target is always depends on the user, just to make sure double-confirm for everything information you are clicked from every emails or other option are being sent to you.

To avoided getting accesses to your account.

[coldcoffeebean]

To compare evidence and confirm whether multiple Stake accounts are being drained into the same wallet. If yes, it's a coordinated campaign and the collective on-chain pattern (multiple victims, same destination, repeat drain-to-the-decimal amounts, peel-chain laundering) becomes much harder for Stake to dismiss as isolated user-side compromises.

Stake.com had an accident of leaking data years ago: https://bitcointalk.org/index.php?topic=5568910.0

Basically, because of these tragedies, "Stake.com" user will always getting a target. The success of the target is always depends on the user, just to make sure double-confirm for everything information you are clicked from every emails or other option are being sent to you.

To avoided getting accesses to your account.

Thanks for the pointer. You're right, the Mixpanel breach in November 2025 exposed Stake users' email addresses, dates of birth, and phone numbers, and Stake itself warned users about impersonation and phishing risks at the time. The attack on my account in May 2026 fits the typical 5-to-6 month attack development window after a data leak like that. So the "your credentials, your fault" defense Stake is using doesn't sit well with the fact that their own vendor leaked the data needed to target users. I'll be incorporating this into the next round of filings. Appreciate the heads-up.

[ryzaadit]

Thanks for the pointer. You're right, the Mixpanel breach in November 2025 exposed Stake users' email addresses, dates of birth, and phone numbers, and Stake itself warned users about impersonation and phishing risks at the time. The attack on my account in May 2026 fits the typical 5-to-6 month attack development window after a data leak like that. So the "your credentials, your fault" defense Stake is using doesn't sit well with the fact that their own vendor leaked the data needed to target users. I'll be incorporating this into the next round of filings. Appreciate the heads-up.

Sure no worry.

I think somehow you also needed some fully-scanned of your device too. If you have 2FA on, but they can bypas it somehow your device could be got some malware and you don't realized it. Just to make sure, you also don't get any these kind of tragedy especially on your wallet as well.

Carefull.