Tech Report, one of the most longstanding and reputable sources for hardware news, technology guides, and unbiased product reviews on the internet, continues to prioritize editorial independence and the accuracy of its content. This commitment is unwavering, ensuring that readers receive high-quality, factual information.
Recently, leading Indonesian cryptocurrency exchange Indodax suffered a significant security breach, resulting in a loss of approximately $22 million. In the aftermath of this breach, Indodax has proactively disabled its mobile and web applications to conduct a thorough investigation and reinforce its security measures.
The incident came to light when blockchain security firms PeckShield, Cyvers, and SlowMist detected unusual activities related to Indodax’s hot wallets. The attacker managed to siphon off substantial amounts of Bitcoin (BTC), Tron (TRX), Ether (ETH), and Polygon (MATIC), among other digital assets.
Following these events, SlowMist carried out an independent probe and indicated that the breach might have stemmed from a vulnerability within Indodax’s withdrawal system. This flaw likely allowed the hacker to directly extract funds from the exchange’s hot wallet.
SlowMist’s findings revealed that the stolen assets were considerable, including over $1.42 million in Bitcoin (BTC), $2.4 million in Tron blockchain tokens, and more than $14.6 million in ERC-20 tokens. Additionally, the hacker seized $2.58 million in POL tokens from the Polygon network and around $0.9 million in Ethereum (ETH) from the Optimism blockchain.
Cyvers offered a different perspective, suggesting that multiple systems were compromised, particularly highlighting issues with the “signature machine” used for authorizing secure transactions. Cyvers also pointed out suspicious activities involving Indodax’s wallets across various blockchain networks. They noted that a suspicious address held $14.4 million and was in the process of converting the stolen tokens into Ethereum (ETH).
Once these assets are converted into ETH, it is anticipated that the hackers will use cryptocurrency mixing services like Tornado Cash to obscure the transaction trail and launder the assets anonymously.
Simultaneously, PeckShield reported on X about significant cryptocurrency outflows from Indodax amounting to $15.7 million. They detailed that these funds were dispersed across several blockchains, with 5,204 ETH stored on an Ethereum address, 6.8 million POL on the Polygon network, and 380 ETH on the Optimism network.
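The detections described above all rest on the same signal: a hot wallet paying out far more than it normally does, to a destination the exchange has never sent to, across several chains within minutes. The following is an added example of that monitoring logic, written for this page and not code from Indodax, PeckShield, Cyvers or SlowMist. It assumes a hypothetical withdrawal log in the form `timestamp,chain,wallet,destination,asset,usd_value`; the thresholds and the sample lines are constructed for illustration (the amounts loosely echo the figures reported above but are not real transactions).

```python
"""Hot-wallet outflow monitor: added example, not an exchange's or security firm's code.

Assumed log format (hypothetical): timestamp,chain,wallet,destination,asset,usd_value
Thresholds and sample data are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample withdrawal log; none of these are real transactions.
SAMPLE_LOG = """\
2024-09-11T02:00:00,ethereum,hot-eth-1,0xaaa1,ETH,12000
2024-09-11T02:05:00,ethereum,hot-eth-1,0xbbb2,USDT,8000
2024-09-11T02:40:00,ethereum,hot-eth-1,0xdead,ETH,9000000
2024-09-11T02:41:00,ethereum,hot-eth-1,0xdead,USDT,5600000
2024-09-11T02:43:00,polygon,hot-pol-1,0xdead,POL,2580000
2024-09-11T02:44:00,optimism,hot-opt-1,0xdead,ETH,900000
"""

WINDOW = timedelta(minutes=15)     # sliding window per hot wallet
WINDOW_USD_LIMIT = 1_000_000       # constructed: max USD a hot wallet may pay out per window
NEW_DEST_USD_LIMIT = 250_000       # constructed: large first-time destination is suspicious
MULTI_CHAIN_MIN = 2                # same destination receiving on this many chains


def parse_events(text):
    """Parse the hypothetical CSV log into dicts with a datetime and a float USD value."""
    events = []
    for line in text.strip().splitlines():
        ts, chain, wallet, dest, asset, usd = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "chain": chain,
            "wallet": wallet,
            "dest": dest,
            "asset": asset,
            "usd": float(usd),
        })
    return events


def detect(events):
    """Return (kind, subject, detail) alerts in the order they would fire.

    Three rules:
      window_outflow          - one wallet's outflow within WINDOW exceeds WINDOW_USD_LIMIT
      new_destination         - a never-seen destination receives more than NEW_DEST_USD_LIMIT
      multi_chain_destination - one destination is paid from hot wallets on several chains
    """
    alerts = []
    windows = defaultdict(deque)      # wallet -> deque of (ts, usd) inside the window
    seen_dest = set()                 # destinations this exchange has paid before
    dest_chains = defaultdict(set)    # destination -> chains it has received on

    for e in sorted(events, key=lambda ev: ev["ts"]):
        w = windows[e["wallet"]]
        w.append((e["ts"], e["usd"]))
        # Drop events that fell out of the sliding window.
        while w and e["ts"] - w[0][0] > WINDOW:
            w.popleft()
        total = sum(usd for _, usd in w)
        if total > WINDOW_USD_LIMIT:
            alerts.append(("window_outflow", e["wallet"], total))

        if e["dest"] not in seen_dest and e["usd"] > NEW_DEST_USD_LIMIT:
            alerts.append(("new_destination", e["dest"], e["usd"]))
        seen_dest.add(e["dest"])

        dest_chains[e["dest"]].add(e["chain"])
        # Fire once, the moment the destination shows up on a second chain.
        if len(dest_chains[e["dest"]]) == MULTI_CHAIN_MIN:
            alerts.append(("multi_chain_destination", e["dest"],
                           sorted(dest_chains[e["dest"]])))
    return alerts


def run_sample():
    """Run the monitor over the constructed log."""
    return detect(parse_events(SAMPLE_LOG))


if __name__ == "__main__":
    for kind, subject, detail in run_sample():
        print(f"{kind:24} {subject:10} {detail}")
```

In production the window limit would be derived from the wallet's historical payout profile rather than a constant, and the alert would gate the signing step rather than merely log: a signer that refuses to authorise a withdrawal once the window is exhausted contains the damage even if the withdrawal service itself has been bypassed.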
In response to these developments, Indodax made a statement on X, confirming that their security team had identified potential vulnerabilities within their platform. They have initiated comprehensive maintenance procedures to safeguard their system’s integrity. During this period, Indodax has temporarily shut down its website and app but assured clients that their funds are entirely secure.
CoinMarketCap data reveals that Indodax holds a reserve balance of approximately $369 million, which could be utilized to compensate investors for any losses resulting from the breach.
Furthermore, Yosi Hammer, head of AI at Cyvers, speculated that the notorious North Korean hacking group Lazarus might be behind this attack on Indodax. In an interview with BSCN, Hammer noted similarities between this hack and previous tactics employed by the Lazarus Group.
Historically, North Korea’s Lazarus Group has been implicated in some of the largest cryptocurrency hacks ever recorded. For instance, in July, they were suspected of orchestrating a $235 million attack on the WazirX exchange, as flagged by Cyvers and blockchain forensics firm Elliptic.