On September 11, 2024, one of Indonesia’s largest cryptocurrency exchanges, Indodax, fell victim to a devastating hack that resulted in the loss of approximately $22 million worth of various digital assets.
The breach specifically targeted Indodax’s hot wallets, a common vulnerability in the crypto space, which store active trading assets online, making them more accessible to attackers.
The stolen assets included popular cryptocurrencies such as Bitcoin, Ethereum, TRON, and Polygon. Blockchain analysis firms like SlowMist and Cyvers were among the first to detect and report the suspicious transactions.
According to their investigation, over 150 suspicious transactions were identified, with the hacker swiftly converting the stolen tokens into Ethereum to obfuscate the trail through crypto mixing services like Tornado Cash.
Indodax Halts Operations Amid Investigation
In response to the hack, Indodax has temporarily suspended its services, including access to its web and mobile platforms, to conduct a thorough investigation. The exchange reassured its 4.3 million users that their funds, both in cryptocurrency and fiat, remain secure despite the breach.
While the company has not provided detailed information on the exact nature of the attack, it is clear that the platform’s hot wallets were compromised, and a full system maintenance is now underway.
Indodax’s management issued a statement through social media, informing users about the security issue and urging patience as they work on restoring the platform’s security. The exchange emphasized that the balance of users’ accounts remains intact, promising further updates once the investigation is complete.
This incident marks yet another major crypto exchange hack, with growing suspicions that the notorious North Korean hacking group Lazarus might be involved, based on similar patterns seen in previous large-scale hacks targeting crypto exchanges.
