Indonesian cryptocurrency exchange Indodax has become the latest victim in a series of high-profile cyber attacks, suffering the theft of approximately $22 million in various digital assets. This incident highlights the ongoing vulnerabilities within the cryptocurrency ecosystem.
Indodax Pauses Platform Operations Due to Security Breach
Blockchain security firm SlowMist revealed in a recent post that hackers managed to steal an array of digital assets. These included Bitcoin (BTC), multiple ERC-20 tokens from the Ethereum (ETH) blockchain, TRX and USDT tokens from the Tron (TRX) blockchain, Polygon (POL), and ETH from the Optimism (OP) blockchain. The total estimated loss stands at around $22 million.
Indodax has confirmed the breach and has temporarily halted all platform operations under the guise of “maintenance” activities. The trading platform has reassured its users that their crypto funds are safe, stating:
“Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible.”
Founded in 2014, Indodax serves a large portion of the Indonesian crypto market and recorded a total trading volume of just over $11 million in the past 24 hours. This breach is a significant setback for the platform, which has worked tirelessly to build trust within the crypto community.
Analysis and Insights from Blockchain Security Firms
SlowMist’s analysis has ruled out a typical hot wallet hack. Instead, the security firm suggests that the withdrawal system of Indodax might have been compromised. This breach could have given hackers access to the exchange’s hot wallet, enabling them to withdraw funds seamlessly.
Similarly, digital assets security firm Cyvers noted “multiple suspicious transactions involving wallets on different networks.” The wallet address suspected of orchestrating the hack was observed swapping various tokens to ETH. While the hacker’s next steps are unclear, they often use cryptocurrency mixers like Tornado Cash to obscure their transaction trails.
According to CoinMarketCap, Indodax has sufficient reserves to cover the stolen funds. As of now, Indodax’s total financial reserves are valued at $367 million, with the bulk of their assets distributed among digital currencies such as BTC, ETH, PEPE, SHIB, and USDT. Arkham Intelligence estimates the total reserves to be even higher, at around $409 million.
Cryptocurrency Hacks Surge in 2024
Yosi Hammer, head of AI at Cyvers, discussed the Indodax hack with BSCN, noting that the attack patterns closely resemble those used by the notorious North Korean hacking group Lazarus. This group has been behind several high-profile crypto hacks in recent years.
Followers of the crypto industry will remember Lazarus for their involvement in multiple significant hacks, including the recent breach of Indian cryptocurrency exchange WazirX, which resulted in the loss of $234 million in user funds. This ongoing threat underscores the need for enhanced security measures within the cryptocurrency industry.
A recent report by Immunefi has highlighted that hackers are keeping pace with advancements in crypto security. The value of stolen funds has increased by 15.5% compared to the same period in 2023. This alarming trend continues to put pressure on exchanges to bolster their security protocols.
As of the latest data, Bitcoin (BTC) trades at $56,701, reflecting a 1% decrease in the past 24 hours. The fluctuating value of BTC and other cryptocurrencies further complicates the landscape for exchanges striving to maintain security and trust.
