Indonesian cryptocurrency exchange Indodax has recently experienced a significant security breach, resulting in the theft of approximately $22 million worth of digital assets. This unfortunate event has highlighted the vulnerabilities in the rapidly growing crypto market.
According to a detailed report by blockchain security firm SlowMist, the hackers managed to steal a variety of digital assets. These included Bitcoin (BTC), multiple ERC-20 tokens from the Ethereum (ETH) blockchain, TRX and USDT tokens from the Tron (TRX) blockchain, Polygon (POL), and ETH from the Optimism (OP) blockchain. The cumulative loss from this breach is estimated to be around $22 million.
Indodax has acknowledged the hack and, as a precautionary measure, has temporarily halted all platform operations under the guise of “maintenance” activities. Despite this interruption, the trading platform has reassured its users that their cryptocurrency funds remain secure. Indodax stated:
“We are currently undergoing comprehensive maintenance to ensure the entire system operates properly. During this maintenance period, the INDODAX web platform and application will be temporarily inaccessible.”
Established in 2014, Indodax primarily caters to the Indonesian crypto market. The exchange recently recorded a total trading volume slightly exceeding $11 million within a 24-hour window, underscoring its significant presence in the region.
SlowMist’s thorough analysis has ruled out the possibility of a hot wallet hack. Instead, the blockchain security firm suspects that Indodax’s withdrawal system may have been compromised. This vulnerability potentially granted hackers access to the exchange’s hot wallet, enabling them to withdraw funds seamlessly.
Similarly, digital assets security firm Cyvers detected “multiple suspicious transactions involving wallets on different networks.” The wallet address believed to have orchestrated the hack was observed swapping various tokens for ETH. While the hacker’s next moves remain uncertain, they typically employ cryptocurrency mixers like Tornado Cash to obscure their transaction trail.
Data from CoinMarketCap suggests that Indodax has ample reserves to cover the lost funds. At the time of writing, Indodax’s total financial reserves amount to $367 million, with substantial holdings in digital currencies such as BTC, ETH, PEPE, SHIB, and USDT. However, Arkham Intelligence estimates place this figure even higher, at $409 million.
Yosi Hammer, head of AI at Cyvers, informed BSCN that the characteristics and patterns of the Indodax hack bear a striking resemblance to those employed by the notorious North Korean hacking group Lazarus.
The Lazarus Group is infamous within the crypto industry for executing numerous high-profile hacks over recent years. For example, a recent attack on Indian cryptocurrency exchange WazirX was linked to Lazarus, resulting in a loss of $234 million in user funds.
A recent report by Immunefi highlighted that hackers are continually adapting to advances in crypto security. The value of total stolen funds has increased by 15.5% compared to the same period in 2023. As of now, BTC is trading at $56,701, marking a 1% decline over the past 24 hours.
Featured Image from Unsplash.com, Charts from CoinMarketCap.com, TradingView.com