Remitano Crypto Exchange Suffers $2.7 Million Loss in Exploit
Summary
On September 14, 2023, Remitano, a cryptocurrency exchange, fell victim to a security breach, resulting in unauthorized transactions on the Ethereum and TRON blockchains and a significant financial loss of $2.7 million. This incident was primarily a hack of the exchange’s hot wallet, triggered by a data leak from a third-party source. Tether’s prompt intervention helped freeze the attacker’s addresses, securing 1.9 million USDT and averting further potential losses. The stolen assets were converted to 163 ETH and transferred to HitBTC.
Attackers
The identity of the attacker is unknown. The following addresses are associated with this attack:
Losses
Remitano lost approximately $2,700,000 during the attack, and $1.9 million was frozen by Tether. The drainer swapped the stolen USDC and ANKR for 163 ETH (264,000 USD) and transferred it to HitBTC.
Assets stolen on Ethereum:
Assets stolen on Tron:
- 537,915 USDT - first and second transactions
- 3,750,700 TRX
Timeline
- September 14, 2023, 03:48:59 PM UTC: Initial malicious transaction occurred.
- September 14, 2023, 10:46 PM UTC: Suspicious withdrawals were detected by Cyvers.
- September 15, 2023, 04:35 PM UTC: Remitano announces security vulnerability in an X post.
- September 15, 2023: Remitano releases updated recovery plan.
- September 15, 2023: Immunebytes published a detailed analysis of the incident.
Security Failure Causes
- Compromised Private Key: The breach was initiated through a data compromise from a third-party source, exposing sensitive information about the exchange. This security lapse enabled unauthorized transactions, resulting in the illicit transfer of funds from the exchange’s hot wallets to suspicious addresses.