On September 14, 2023, the P2P cryptocurrency exchange Remitano lost approximately $2.7 million when its hot wallets were drained — USDT, ANK, USDC and ETH swept in a coordinated outflow. The on-chain laundering pattern matched concurrent Lazarus Group operations.
What happened
The compromise was a private-key / signing-infrastructure breach of Remitano's hot wallets — not a smart-contract bug. ~$1.4M USDT (frozen by Tether on detection), plus ANK, USDC and ETH were moved to attacker-controlled addresses and laundered through cross-chain routes. Tether's freeze of the USDT recovered a meaningful slice.
Aftermath
- Remitano paused withdrawals and absorbed the loss; Tether froze ~$1.4M mid-laundering.
- The incident fell inside the dense September 2023 Lazarus cluster alongside Stake.com, CoinEx, and Mixin Network.
Why it matters
Remitano is one more data point on the catalogue's largest line: mid-size exchanges with inadequate hot-wallet key isolation are routine Lazarus targets, picked by ease of compromise rather than size. Tether's freeze also reinforces a recurring recovery channel — stablecoin-issuer freezes are one of the few mechanisms that reliably claw back a portion of an exchange hot-wallet drain, which is precisely why sophisticated operators immediately swap stolen stables into ETH/BTC before issuers can act.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-remitano-hack-september-2023
- [02]coingape.comhttps://coingape.com/remitano-exchange-hit-by-2-7m-hack-tether-locks-down-1-4m/
- [03]rekt.newshttps://rekt.news/remitano-rekt