Crypto exchange Remitano experienced large withdrawals under suspicious circumstances on Sept. 14, which the team later confirmed was a hack. A total of $2.7 million worth of crypto was withdrawn through the attack. Tether froze one address the attacker allegedly used, potentially saving $1.4 million worth of customers’ crypto.
At approximately 12:45 pm on September 14, a known Remitano hot wallet began sending funds to an address with no prior history. Approximately $1.4 million worth of Tether (USDT), $208,000 worth of USD Coin (USDC) and 104,000 Ankr tokens (worth $2,000 at the time) were moved to the new address.
Blockchain analytics platform Cyvers alerted the crypto community to the allegedly suspicious transactions.
"ALERT Our ML-driven system has detected multiple anomalous transactions with @remitano exchange, resulting in a total loss of $2.7M across 3
we contacted the team to halt any additional losses and initiate efforts to recover suspected stolen funds #CyversAlert"
— Cyvers Alerts (@CyversAlerts) September 14, 2023
Tether subsequently froze the address to stop the attacker from cashing out USDT, which kept $1.4 million of the drained crypto from being moved any further.
Remitano acknowledged the attack in a September 15 blog post. "[O]ur Security Management team discovered a data breach from a third-party source that had compromised some of our sensitive information," the company stated. "As a result, a small amount of funds from the exchange's hot wallets were transferred to suspicious wallet addresses through unauthorized withdrawal transactions."
The exchange claimed that user funds "have NOT been and will NOT be affected by this incident" and it expects deposits and withdrawals to be available again within 48 hours. Bitcoin, Bitcoin Cash, and Litecoin deposits and withdrawals are still operational, the team said, but other networks may be unavailable.
Remitano is a peer-to-peer crypto exchange and payment processor that focuses on emerging markets. It serves users in Pakistan, Ghana, Venezuela, Cambodia, Kenya, Malaysia, India, South Africa, Vietnam and Nigeria.
There has been a rash of crypto exchange hacks in 2023 that resulted in leaked private keys and stolen funds. United States authorities claim that these attacks were caused by the Lazarus Group, a cybercrime organization believed to have ties to the North Korean government. The group allegedly stole $41 million from gambling site Stake on Sept. 4 and drained $27 million from Coinex on Sept. 12.
Update (September 15, 15:12 UTC): This article was updated to include information about a blog post by Remitano exchange acknowledging the hack.