Indodax Halts Services After $22 Million Crypto Heist Targeting Hot Wallets, Including Bitcoin and Ethereum

Leading Indonesian crypto exchange Indodax experienced a security breach, causing it to lose approximately $22 million. In response, the platform has disabled its mobile and web applications to investigate the incident and secure its systems.

Blockchain security firms PeckShield, Cyvers, and SlowMist raised alarms about suspicious activity involving Indodax’s hot wallets. The hacker successfully drained large amounts of Bitcoin (BTC), Tron (TRX), Ether (ETH), and Polygon (MATIC), among other tokens.

Crypto Exchange Indodax Loses Millions of Dollars in Recent Breach

Following the hack, SlowMist conducted an independent investigation and suggested that the breach may have originated from Indodax’s withdrawal system. This vulnerability likely enabled the hacker to withdraw funds directly from the exchange’s hot wallet.

According to SlowMist, the hacker stole substantial amounts from various blockchains. The stolen funds include over $1.42 million in Bitcoin (BTC), $2.4 million from Tron blockchain tokens, and over $14.6 million in ERC-20 tokens.

🚨SlowMist Security Alert🚨

Indonesian crypto exchange @indodax suffered an attack a few hours ago, with the hacker stealing various tokens from hot wallets. The total loss is approximately $22 million💸. Below are the details of the losses⬇️ pic.twitter.com/r4i0rBbctJ

— SlowMist (@SlowMist_Team) September 11, 2024

The criminal also stole $2.58 million in POL tokens from the Polygon network and approximately $0.9 million in Ethereum (ETH) from the Optimism blockchain.

However, Cyvers speculated that different systems were compromised, specifically pointing to the “signature machine” used in authorizing secure transactions.

Cyvers also flagged suspicious activity involving the exchange’s wallets across multiple blockchain networks. It noted that the suspicious address already held $14.4 million and was in the process of converting the stolen tokens to Ethereum (ETH).

🚨ALERT📷Hey @indodax , Our system has detected multiple suspicious transactions involving your wallets on different networks. Suspicious address already holds 14.4 million USD and swapping the tokens to Ether.

Want to keep your company off our alerts radar? Learn how to secure… pic.twitter.com/Lzpi5uthXS

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 10, 2024

Once the hackers convert the stolen funds to ETH, they would likely use cryptocurrency mixing services like Tornado Cash to launder the assets anonymously.

Meanwhile, PeckShield reported on X that it detected significant cryptocurrency outflows from Indodax amounting to $15.7 million.

#PeckShieldAlert Large outflow of cryptos (worth ~$15.7m) from @indodax on #Ethereum, #Polygon & #Optimism
The funds are now parked at the following address:
#Ethereum 0x5910…48Df8 (5,204.3 $ETH)
#Polygon 0x90Ff…904f (6,843,716.17 $POL)
#Optimism 0x3B8F…eB6d (~380 $ETH)
pic.twitter.com/li7Dwc9nfJ

— PeckShieldAlert (@PeckShieldAlert) September 11, 2024

PeckShield further detailed that the funds were distributed across several blockchains. The criminals stored 5,204 ETH on an Ethereum address, 6.8 million POL on the Polygon network, and 380 ETH on the Optimism network.

Indodax Halts Operations Amidst North Korean Hack Suspicions

In response, Indodax posted on X, acknowledging its security team had identified potential vulnerabilities on the platform. It has initiated full maintenance to ensure its system’s integrity.

Due to the maintenance, Indodax temporarily shut down its website and app while assuring clients that their funds were 100% safe.

Meanwhile, CoinMarketCap data shows that Indodax holds a reserve balance of approximately $369 million. This could potentially be used to compensate investors for losses incurred from the recent breach.

The head of AI at Cyvers, Yosi Hammer, has expressed suspicions that the notorious North Korean hacking group Lazarus may have attacked Indodax. In an interview with BSCN, Hammer noted that the hacker’s tactics and methods were similar to those of the Lazarus group.

In a broader context, North Korea’s Lazarus Group has been linked to some of the largest cryptocurrency hacks in history. For example, in July, the Lazarus Group was also suspected of orchestrating a $235 million attack on the WazirX exchange. Cyvers and blockchain forensics firm Elliptic flagged the attack.

Elliptic identified similar attack patterns and techniques used by Lazarus in previous incidents, further reinforcing the connection. Also, cryptocurrency investigator ZachXBT came to the same conclusion, pointing to North Korea’s involvement in the WazirX breach.

Disclaimer: The opinions expressed in this article do not constitute financial advice. We encourage readers to conduct their own research and determine their own risk tolerance before making any financial decisions. Cryptocurrency is a highly volatile, high-risk asset class.
