Indodax Crypto Exchange Goes Offline After $22M Hack
Indonesian crypto exchange Indodax recently experienced a significant security breach, losing approximately $22 million worth of various cryptocurrencies. The exchange has since suspended its operations to investigate the incident.
Details of the Hack
On September 11, blockchain security firms PeckShield, Cyvers, and SlowMist reported that Indodax’s hot wallets were hacked. The stolen assets included Bitcoin, Ether, Tron, Polygon, and other tokens. SlowMist’s investigation pointed to a vulnerability in Indodax’s withdrawal system, while Cyvers suggested that systems like the signature machine may have been compromised.
The hacker stole $1.42 million in Bitcoin, $2.4 million in Tron tokens, $14.6 million in ERC-20 tokens, $2.58 million in Polygon, and $0.9 million in Optimism’s Ether. Cyvers identified over 150 suspicious transactions across multiple networks, with the stolen funds eventually being converted into Ether. The hacker then used crypto-mixing services, such as Tornado Cash, to hide their tracks.
Indodax Shuts Down Services
In response, Indodax temporarily shut down its mobile and web platforms for maintenance, reassuring users that their assets were still safe. The exchange stated that the shutdown was necessary to investigate and secure the system after the breach.
North Korean Hackers Suspected
Yosi Hammer, Cyvers’ head of AI, suspects the attack was carried out by the Lazarus Group, a notorious North Korean hacking organization. The group has been linked to several high-profile crypto attacks, including a $235 million hack of the WazirX exchange in July.
CoinMarketCap data shows Indodax holds a reserve balance of $369 million, which could help mitigate losses for affected investors.
Hot wallets: Digital wallets connected to the internet, making them vulnerable to online attacks.
Tornado Cash: A crypto-mixing service used to obscure the origin of funds.