Indonesian crypto exchange Indodax goes offline after suspected $22M hack
Indonesian crypto exchange Indodax suffered a loss of approximately $22 million in various cryptocurrencies and has since disabled its mobile and web applications to investigate the breach.
On Sept. 11, multiple blockchain investigation firms — including PeckShield, Cyvers and SlowMist — alerted that there had been an attack on Indodax’s hot wallets. The hacker stole large amounts of Bitcoin (BTC), Tron (TRX), Ether (ETH), Polygon (MATIC) and Shiba Inu (SHIB), among other tokens.
SlowMist’s independent investigation suggested a breach in Indodax’s withdrawal system allowed the hacker to withdraw funds from the exchange’s hot wallet. Cyvers, on the other hand, believed other systems were attacked, such as the signature machine.
The hacker stole over $1.42 million in Bitcoin, $2.4 million in Tron’s TRX, over $14.6 million in various ERC-20 tokens, $2.58 million in POL and $900,000 in ETH from the Optimism blockchain.
Cyvers detected more than 150 suspicious transactions over multiple networks and reported that the hacker had started swapping the tokens to Ether. After converting their stolen funds to ETH, hackers typically use crypto mixing services such as Tornado Cash to siphon the loot anonymously.
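The detection described above (a burst of outflows from hot wallets on several chains within a short interval) is the kind of signal an exchange can monitor for itself. The following is an added example, not code from Indodax, Cyvers or any of the firms named in the article: it runs a sliding-window outflow check per hot wallet over a constructed transaction ledger (the addresses, amounts and timestamps are invented) and then correlates alerts across chains, since simultaneous drains on multiple networks are a stronger indicator than any single chain's activity. Thresholds are illustrative assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger, NOT real Indodax transactions.
# Each record: (timestamp, chain, sending address, USD value at time of transfer).
T0 = datetime(2024, 9, 11, 0, 0, 0)
HOT_WALLETS = {  # hypothetical hot-wallet addresses per chain
    ("ethereum", "0xHOT-eth"), ("tron", "THOT-trx"),
    ("polygon", "0xHOT-pol"), ("bitcoin", "bc1HOT-btc"),
}

def _normal(chain, addr, n, usd, gap_minutes):
    """Routine withdrawals spaced tens of minutes apart."""
    return [(T0 + timedelta(minutes=i * gap_minutes), chain, addr, usd) for i in range(n)]

def _burst(chain, addr, n, usd, start_minute, gap_seconds):
    """A drain: many large transfers a few seconds apart."""
    return [(T0 + timedelta(minutes=start_minute, seconds=i * gap_seconds), chain, addr, usd)
            for i in range(n)]

SAMPLE_TXS = (
    _normal("ethereum", "0xHOT-eth", 6, 10_000, 30)          # user withdrawals over 3 hours
    + _normal("polygon", "0xHOT-pol", 3, 5_000, 45)
    + _burst("ethereum", "0xHOT-eth", 25, 100_000, 200, 10)  # 25 x $100k in about 4 minutes
    + _burst("tron", "THOT-trx", 8, 300_000, 201, 20)        # 8 x $300k in about 2.5 minutes
)

def detect_burst_outflows(txs, hot_wallets, window=timedelta(minutes=10),
                          usd_threshold=1_000_000, count_threshold=20):
    """Return one alert per hot wallet whose heaviest `window` of outflows exceeds
    either the USD threshold or the transaction-count threshold (assumed values)."""
    by_wallet = defaultdict(list)
    for ts, chain, addr, usd in txs:
        if (chain, addr) in hot_wallets:
            by_wallet[(chain, addr)].append((ts, usd))

    alerts = []
    for (chain, addr), events in by_wallet.items():
        events.sort()
        best, j, running = None, 0, 0
        for i, (start, _) in enumerate(events):
            # Two-pointer sliding window: events[i:j] all fall within `window` of `start`.
            while j < len(events) and events[j][0] - start <= window:
                running += events[j][1]
                j += 1
            if best is None or running > best["total_usd"]:
                best = {"chain": chain, "wallet": addr, "window_start": start,
                        "count": j - i, "total_usd": running}
            running -= events[i][1]
        reasons = []
        if best["total_usd"] >= usd_threshold:
            reasons.append("usd_volume")
        if best["count"] >= count_threshold:
            reasons.append("tx_count")
        if reasons:
            alerts.append({**best, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["window_start"])

def correlate_across_chains(alerts, window=timedelta(minutes=15)):
    """Cluster alerts whose windows begin within `window` of each other; a cluster
    spanning several chains is the multi-network drain pattern worth escalating."""
    clusters = []
    for a in sorted(alerts, key=lambda a: a["window_start"]):
        if clusters and a["window_start"] - clusters[-1][0]["window_start"] <= window:
            clusters[-1].append(a)
        else:
            clusters.append([a])
    return [{"chains": sorted({a["chain"] for a in c}),
             "total_usd": sum(a["total_usd"] for a in c)} for c in clusters]

if __name__ == "__main__":
    found = detect_burst_outflows(SAMPLE_TXS, HOT_WALLETS)
    for a in found:
        print(f"{a['chain']:9} {a['wallet']:12} {a['count']:3} txs "
              f"${a['total_usd']:,} from {a['window_start']} ({', '.join(a['reasons'])})")
    for c in correlate_across_chains(found):
        print("cross-chain cluster:", c)
```

On the constructed ledger the routine polygon and ethereum withdrawals stay below both thresholds, the ethereum burst trips both the volume and count rules, the tron burst trips the volume rule alone, and the two alerts fall into one cross-chain cluster. In production the same logic would run on withdrawal-system events before signing rather than on-chain after the fact, which is where a velocity limit can actually block the drain rather than merely report it.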
Indodax shuts all operations to investigate hack
Shortly after the breach was revealed on social media, Indodax acknowledged the hack and informed users it would temporarily shut down its services. The company said in a statement:
The crypto exchange reassured investors that their crypto assets were safe.
Yosi Hammer, head of AI at Cyvers, suspects the involvement of North Korea’s infamous cryptocurrency hackers, the Lazarus Group. He told BSCN:
According to CoinMarketCap data, Indodax has a reserve balance of $369 million, part of which could be repurposed to recoup investors’ losses.
North Korean hackers increasingly target the crypto community
The largest hack in July, in which crypto exchange WazirX lost $235 million, was also attributed to North Korea’s Lazarus Group.
While Web3 security firm Cyvers initially flagged the attack, blockchain forensics firm Elliptic told Cointelegraph that specific patterns and techniques in the WazirX attack led it to believe North Korean hackers were behind the incident.
Cryptocurrency investigator ZachXBT also reached a similar conclusion.