TLDR:
- Indodax, an Indonesian crypto exchange, was hacked for approximately $22 million
- The exchange paused operations and disabled its platforms for investigation
- Multiple cryptocurrencies were stolen, including Bitcoin, Ether, Tron, and Polygon
- Security firms suspect the attack may be linked to North Korea’s Lazarus group
- Indodax claims user assets are safe despite the breach
Indonesian cryptocurrency exchange Indodax has fallen victim to a major security breach, resulting in the theft of approximately $22 million worth of various digital assets.
The incident, which occurred on September 11, 2024, has forced the exchange to temporarily suspend its operations and launch an investigation into the attack.
Indodax, established in 2014, is a centralized cryptocurrency exchange that primarily serves the Indonesian market. Prior to the hack, the platform had been processing around $11 million in daily trading volume. The exchange offers trading pairs for various cryptocurrencies against the Indonesian rupiah.
🚨SlowMist Security Alert🚨
Indonesian crypto exchange @indodax suffered an attack a few hours ago, with the hacker stealing various tokens from hot wallets. The total loss is approximately $22 million💸. Below are the details of the losses⬇️ pic.twitter.com/r4i0rBbctJ
— SlowMist (@SlowMist_Team) September 11, 2024
According to reports from security firms such as Slowmist and CertiK, the hackers managed to compromise Indodax’s hot wallets, which are online wallets used for day-to-day transactions. The stolen funds include over $14 million worth of Ether (ETH), $2.4 million in Tron’s TRX, $1.4 million in Bitcoin (BTC), and $2.5 million in Polygon’s MATIC, among other tokens.
The exact method used by the attackers to breach Indodax’s security remains unclear. Some security experts, like SlowMist, suggest that the exchange’s withdrawal system may have been compromised, allowing the hackers to transfer funds out of the hot wallets. Others, such as Cyvers, believe that multiple systems, including the signature machine, might have been targeted.
In response to the breach, Indodax quickly acknowledged the incident and took immediate action by pausing all platform operations. The exchange announced on its social media channels that it was conducting “complete maintenance to ensure the entire system is operating properly.” During this maintenance period, both the web platform and mobile applications have been made inaccessible to users.
Halo Member INDODAX,
Kami ingin menginformasikan bahwa team security kami menemukan potensi indikasi keamanan pada platform kami.
Saat ini, kami sedang melakukan pemeliharaan menyeluruh untuk memastikan seluruh sistem beroperasi dengan baik. Selama proses pemeliharaan ini,… pic.twitter.com/kYAc6ilERF
— indodax (@indodax) September 11, 2024
Despite the significant loss, Indodax has assured its users that their crypto assets remain safe. This claim is supported by data from Arkham, which shows that the exchange’s wallets still hold over $400 million worth of various tokens.
According to CoinMarketCap, Indodax’s total reserve balance stands at $369 million, which could potentially be used to cover the losses incurred by the hack.
The cryptocurrency community has been quick to respond to the news, with several blockchain investigation firms alerting the public about the attack. PeckShield, Cyvers, and SlowMist were among the first to report on the breach, providing details about the stolen assets and potential attack vectors.
Interestingly, some experts have drawn parallels between this attack and previous hacks attributed to the notorious Lazarus group, a hacking collective believed to be associated with North Korea. Yosi Hammer, the head of AI at Cyvers, stated that the pattern and characteristics of the Indodax attack closely resemble those of the Lazarus group. However, these claims remain speculative at this point.
Indodax has not yet provided a timeline for when its services will be restored. Users are advised to stay tuned to the exchange’s official communication channels for updates on the situation and any potential steps they may need to take to secure their accounts.