Indodax Crypto Exchange Suffers Major Hack, Over $22 Million in Losses
Indonesian cryptocurrency exchange Indodax has temporarily suspended its operations following a significant breach that resulted in the loss of approximately $22 million in various digital assets.
The company has taken its mobile and web applications offline to investigate the incident.
On September 11, blockchain investigation firms PeckShield, Cyvers, and SlowMist raised alarms regarding an attack on Indodax’s hot wallets.
The breach reportedly allowed hackers to withdraw substantial amounts of Bitcoin, Ether, Tron, and several ERC-20 tokens. Cyvers identified over 150 suspicious transactions across multiple networks, indicating that the attacker had begun swapping stolen assets for Ether.
According to SlowMist's investigation, the breach originated from a vulnerability in Indodax's withdrawal system. In contrast, Cyvers suggested that other systems, including the signature machine, may have also been compromised.
The stolen assets included over $1.42 million in Bitcoin, $2.4 million in Tron tokens, $14.6 million in various ERC-20 tokens, $2.58 million in Polygon, and $900,000 in Ether from the Optimism blockchain.
Yosi Hammer, head of AI at Cyvers, speculated that the attack bore similarities to previous operations attributed to North Korea’s Lazarus Group.
This group has been implicated in several high-profile hacking incidents, including the $235 million theft from the WazirX exchange in July.