Remitano - REKT

Another exchange drained.

First Stake, then CoinEx. Is Lazarus going for a September hat-trick?

In the third (almost identical) story of this month so far, Remitano has lost $2.7M from hot wallets on Ethereum and Tron.

Suspicious withdrawals were again detected by Cyvers and Remitano dragged their feet in responding (only publicly announcing the incident over 20 hours after the attack began).

However, this time there was some good news.

Tether’s quick response in freezing funds vastly reduced the attack profits from $2.7M to just $260k.

Are we… learning?

Credit: PeckShield, Cyvers

The attack, which began at 12:47 PM UTC yesterday, was yet another example of a simple hot-wallet draining due to a private key compromise.

With two similar high-profile incidents in the last two weeks, it seems plausible that this is also the work of the Lazarus Group, a highly sophisticated DPRK state-sponsored hacking group.

The official announcement from Remitano doesn’t specify exactly how hackers gained access to the hot wallet addresses in question, but does blame the theft on “a data breach from a third-party source”.

The post explains that upon notification of the breach, they consolidated assets from other hot wallets into secure cold storage addresses, and collaborated with Tether to freeze funds.

A total of 1.9M in USDT was frozen by Tether across the two chains. The remaining funds on Ethereum were swapped to ETH and deposited to an exchange, thought to be either HitBTC or Changelly. The funds on Tron remain in the hacker’s address.

Attacker addresses:

ETH: 0x74530e81e9f4715c720b6b237f682cd0e298b66c

TRON: TEDNf1aqk8YJEUdNH9NRd4MqibZmdP49Fm

Assets stolen on ETH:

1.36M USDT

210k USDC

34.4 ETH

100k ANKR

And on TRON:

540k USDT

3.75M TRX.

This time, Tether responded quickly enough to save the majority of funds, and Cyvers have called on exchanges to check deposits and block any funds that weren’t frozen.

However, in general, the industry response to these types of events tends to be slow and incomplete.

Granted, we should expect more from custodians’ ability to secure their wallets, but there is still often a glaring failure in action after the fact.

Even funds with clear links to Lazarus are being freely moved in and out of major exchanges, with chain checkers only able to watch the flow in real time.

Even the most well-respected exchanges don’t seem keen to do the right thing, apparently happy to perpetuate the stereotype of a lawless cryptosphere when they would surely benefit from some good publicity right now.

The technology on which our industry is based allows us to do much better.

How long will they keep getting away with this?
