Remitano Crypto Exchange Suffers $2.7 Million Loss in Exploit

Summary

On September 14, 2023, Remitano, a cryptocurrency exchange, fell victim to a security breach, resulting in unauthorized transactions on the Ethereum and TRON blockchains and a significant financial loss of $2.7 million. This incident was primarily a hack of the exchange’s hot wallet, triggered by a data leak from a third-party source. Tether’s prompt intervention helped freeze the attacker’s addresses, securing 1.9 million USDT and averting further potential losses. The stolen assets were converted to 163 ETH and transferred to HitBTC.

Attackers

The identity of the attacker is unknown. The following addresses are associated with this attack:

Losses

Remitano lost approximately $2,700,000 during the attack and $1.9 million was frozen by Tether. The drainer swapped the stolen USDC and ANKR for 163 ETH (264000 USD) and transferred them to HitBTC.

Assets stolen on Ethereum:

Assets stolen on Tron:

Timeline

Security Failure Causes

  • Compromised Private Key: The breach was initiated through a data compromise from a third-party source, exposing sensitive information about the exchange. This security lapse enabled unauthorized transactions, resulting in the illicit transfer of funds from the exchange’s hot wallets to suspicious addresses.