On September 14, Remitano, a cryptocurrency exchange, experienced significant withdrawals under suspicious circumstances, eventually confirmed as a hack. The attack resulted in the withdrawal of approximately $2.7 million worth of cryptocurrency. In a proactive move, Tether froze an address believed to be used by the attacker, potentially preventing theft of around $1.4 million worth of customer cryptocurrency.
The breach unfolded around 12:45 pm on September 14 when funds from a known Remitano hot wallet were transferred to an address with no prior transaction history. Among the assets moved, $1.4 million in Tether (USDT) and 104,000 Ankr tokens (valued at $2,000 at the time) were sent to this new address.
The blockchain analytics platform Cyvers quickly raised an alert within the cryptocurrency community regarding these suspicious transactions. Responding to the situation, Tether acted swiftly by freezing the address, effectively blocking the attacker from cashing out the USDT. This action likely saved approximately $1.4 million in cryptocurrency from being lost.
Remitano officially acknowledged the hack in a blog post on September 15, explaining that a data breach from a third party had compromised sensitive information. This breach led to unauthorized withdrawals and the transfer of a small amount of funds from the exchange's hot wallet to suspicious accounts .
The exchange reassured its users that their funds had not been affected by this incident, emphasizing that deposits and withdrawals would resume within 48 hours. While the exchange still allowed deposits and withdrawals for Bitcoin, Bitcoin Cash, and Litecoin, other networks might not be fully operational during this period.
Remitano primarily operates as a peer-to-peer cryptocurrency exchange and payment processor with a focus on emerging markets. It caters to users in several countries, including Pakistan, Ghana, Venezuela, Cambodia, Kenya, Malaysia, India, South Africa, Vietnam, and Nigeria.
The cryptocurrency landscape in 2023 has witnessed a series of exchange hacks, resulting in the compromise of private keys and substantial fund losses. US authorities have attributed these attacks to the Lazarus Group, an entity believed to be connected to the North Korean government. Notably, the group allegedly executed a $41 million theft from the gambling platform Stake on September 4 and a $27 million hack against Coinex on September 12.
