Numerous Payoneer users in Argentina have reported waking up to discover that their 2FA-protected accounts were hacked, resulting in the theft of funds after receiving SMS OTP codes while they were sleeping. Payoneer, a financial services platform facilitating online money transfer and digital payments, is widely used in Argentina for earning in foreign currencies while circumventing local banking regulations. Users reported losing access to their accounts or finding empty wallets, with losses ranging from $5,000 to $60,000. The victims received SMS requests for password reset approval, but many claim not to have granted permission, and some did not notice the SMS until after the theft occurred.
Investigations into the hacks revealed that most affected users were customers of mobile service providers Movistar and Tuenti, with the majority using Movistar. Speculation arose about a recent Movistar data leak being behind the attacks, although the leaked data did not include users’ email addresses necessary for Payoneer password resets. Another theory suggests a breach in the SMS provider used to deliver OTP codes, enabling threat actors to access codes sent by Payoneer. Payoneer, however, attributed the incidents to phishing attempts and placed blame on users for clicking on URLs in SMS phishing texts and entering login details on phishing pages.
Payoneer users in Argentina have expressed frustration, disputing Payoneer’s claims and accusing the platform of deflecting responsibility. Despite a lack of clarity on the attack’s precise mechanism, Payoneer users in Argentina are advised to withdraw funds or disable SMS-based 2FA and reset their account passwords. Payoneer has acknowledged the issue, citing ongoing efforts to address the fraud and collaboration with authorities. The company emphasized the seriousness of fraud prevention and pledged to actively educate customers on safeguarding their accounts while working to protect funds and recover losses on a case-by-case basis.
