Indonesian cryptocurrency exchange Indodax has temporarily shut down following a significant cyber breach that is believed to have resulted in the theft of around $22 million in various digital currencies.
On September 11, several blockchain analysis companies, including PeckShield, Cyvers, and SlowMist, reported unauthorized access to Indodax's hot wallets, where losses included substantial amounts of Bitcoin, Ether, Tron (TRX), Polygon (MATIC), and others.
SlowMist's independent assessment indicated that a vulnerability in Indodax's withdrawal system may have allowed the perpetrator to siphon off funds directly from its hot wallet. Cyvers, however, suggested that additional systems, such as a signature machine, may also have been compromised during the attack.
The reported theft included approximately $1.42 million in Bitcoin, $2.4 million in TRX, over $14.6 million in various ERC-20 tokens, $2.58 million in Polygon, and around $900,000 in Ether from the Optimism blockchain. Cyvers detected over 150 suspicious transactions across multiple networks, highlighting that the hacker began exchanging the stolen assets for Ether. After converting their ill-gotten gains to ETH, cybercriminals often use mixing services like Tornado Cash to launder the funds discreetly.
In response to the breach, Indodax announced via social media that it would halt all operations to thoroughly investigate the incident. The company reassured its users that their cryptocurrency assets would remain secure during this maintenance period. "Currently, we are conducting comprehensive maintenance to ensure all systems function properly. During this time, the INDODAX web platform and application will not be accessible," a spokesperson stated.
Amid the investigation, security expert Yosi Hammer from Cyvers hinted at the potential involvement of North Korea's notorious hacking group, Lazarus Group, suggesting that the attack's characteristics align closely with their previous operations.
According to data from CoinMarketCap, Indodax maintains a reserve balance of $369 million, a portion of which might be leveraged to mitigate user losses.
This incident is not an isolated case, as North Korean hackers have increasingly targeted the cryptocurrency sector. The recent $235 million hack of the WazirX exchange was also attributed to the Lazarus Group.
As the crypto landscape continues to evolve, exchanges must bolster their security to protect against sophisticated cyber threats. This incident serves as a stark reminder for investors to stay vigilant and for exchanges to implement stringent security protocols.
