Indodax Crypto Exchange Hack: $22 Million Loss
Hack Details and Initial Responses
On September 11, 2024, Indonesian cryptocurrency exchange Indodax experienced a significant security breach. The attack targeted the exchange’s hot wallets, resulting in the loss of approximately $22 million worth of various cryptocurrencies. The stolen assets included Bitcoin, Ether, TRX, MATIC, and several other tokens.
Indodax responded by immediately suspending all operations and taking down its mobile and web platforms to investigate the breach. Multiple blockchain security firms, including PeckShield, Cyvers, and SlowMist, were among the first to detect the attack and alert the public.
How the Hack Occurred
According to SlowMist’s investigation, the hacker exploited a vulnerability in Indodax’s withdrawal system, allowing unauthorized access to the exchange’s hot wallets. Cyvers suggested that other systems might have been compromised, including the signature machine used to authorize transactions.
Specific amounts stolen include:
- Over $1.42 million in Bitcoin
- $2.4 million in TRX
- More than $14.6 million in various ERC-20 tokens
- $2.58 million in POL
- $900,000 in ETH from the Optimism blockchain
Cyvers also detected over 150 suspicious transactions across multiple networks, indicating that the hacker was converting the stolen tokens to Ether, likely in order to route them through crypto mixing services like Tornado Cash and obscure the funds’ origins.
Indodax’s Official Statement
Shortly after the breach was made public, Indodax issued a statement confirming the hack and assuring users that a complete maintenance process was underway to ensure system integrity. The statement read:
“Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible.”
Potential Involvement of North Korean Hackers
Yosi Hammer, head of AI at Cyvers, suspects that the notorious North Korean Lazarus Group might be behind the attack. He noted that the methods and patterns observed in the Indodax hack are similar to those used by the Lazarus Group in previous incidents. This group has a history of targeting crypto exchanges and has been responsible for several high-profile hacks in the past.
Financial Reserves and Future Steps
Indodax holds a reserve balance of approximately $369 million, according to CoinMarketCap data. Part of these reserves could potentially be used to compensate investors for their losses. The exchange is expected to employ stronger security measures moving forward to prevent future breaches.
Increasing Threat from North Korean Hackers
This incident is part of a broader trend of North Korean hackers increasingly targeting the crypto community. In July 2024, crypto exchange WazirX suffered a $235 million loss, which was also attributed to the Lazarus Group. Web3 security firm Cyvers and blockchain forensics firm Elliptic both indicated that the techniques used in the WazirX hack bore the hallmarks of North Korean cybercriminals.
Conclusion
The Indodax hack underscores the ongoing risks and vulnerabilities within the crypto exchange ecosystem. As hackers become more sophisticated, exchanges must continually upgrade their security protocols to protect user assets. The involvement of well-known hacking groups like the Lazarus Group further complicates the situation, highlighting the need for constant vigilance and robust cybersecurity measures in the cryptocurrency industry.
