On September 14, Remitano, a renowned cryptocurrency exchange, encountered an unsettling incident when an anomalous withdrawal of roughly $2.7 million in digital assets occurred, sparking fears of a potential cyber intrusion.
Cyvers, a blockchain analytics platform, raised the alarm at approximately 12:45 UTC, highlighting a series of suspicious transactions in which a known Remitano hot wallet began transferring funds to a previously inactive address.
The transactions in question comprised several cryptocurrencies: an estimated $1.4 million in Tether (USDT), $208,000 in USD Coin (USDC), and 104,000 Ankr tokens, which were worth around $2,000 at the time.
Reacting promptly to the threat, Tether froze the suspicious address. This measure blocked any further transfers of the compromised USDT, ensuring that $1.4 million of the stolen funds could not be moved.
In a subsequent development, as the clock hit roughly 3:21 UTC on September 15, PeckShieldAlert, a security and blockchain analytics platform, unveiled more disconcerting details.
Remitano exchange, already grappling with earlier suspicious transactions, encountered further unauthorized activities. This time, over $2.7 million was siphoned from its wallets associated with the Ethereum and TRON blockchains.
PeckShieldAlert highlighted Tether’s proactive stance amidst this crisis. Tether management intervened by freezing two addresses on the Ethereum, BCH, and TRON networks, which were presumably linked to the malicious actor or actors behind these activities. This pivotal action effectively safeguarded the entirety of the jeopardized $2.7 million in USDT.
Delving deeper into the illicit chain of events, PeckShieldAlert revealed that the adversary, operating on the Ethereum blockchain, traded the pilfered USDC and Ankr tokens. These were exchanged for an estimated 163 ETH, which, at the time, was valued at approximately $264,000. Not stopping there, these ill-gotten ETH funds were then channeled to the HitBTC exchange.
Lazarus Group Suspected in Wave of Crypto Exchange Hacks, Leading to Over $200 Million in Stolen Funds in 2023
Throughout 2023, the cryptocurrency landscape bore witness to an unsettling surge in cyber-attacks targeting exchanges. These malicious incursions resulted in the unauthorized access to private keys, leading to the exfiltration of vast sums of digital assets.
U.S. intelligence and law enforcement agencies have attributed these attacks primarily to the Lazarus Group, a cybercriminal organization widely believed to operate under the auspices of the North Korean regime, which further intensifies the gravity of the situation.
One of the most significant breaches occurred on September 4, when Stake, a prominent crypto gambling platform, fell victim to a cyber heist. This audacious operation led to a loss of $41 million. The FBI corroborated these allegations in an official communique released three days after the incident, on September 7.
Cumulatively, the illicit endeavors of the Lazarus Group in 2023 have reportedly culminated in the theft of cryptocurrencies valued at over $200 million, marking a perilous phase in the digital assets sector.
On September 12, CoinEx, a digital currency exchange, faced a probable cyberattack, which led to significant withdrawals from four of its primary wallets. The losses totaled more than $27 million.
The Lazarus Group has been linked to several other major cyber breaches, including those against Alphapo, CoinsPaid, and Atomic Wallet.
Combined, these breaches in 2023 resulted in thefts surpassing $200 million. Specifically, Alphapo, a payment platform, reported unexpected withdrawals surpassing $65 million on July 23.
In a similar vein, CoinsPaid, another payment facilitator, reported a loss of over $37 million following social engineering attacks in late July.
Furthermore, Atomic Wallet users faced a shocking loss of $100 million in June, believed to be caused by an unidentified vulnerability.