Indonesian cryptocurrency exchange Indodax recently suffered a severe security breach, with a suspected loss of approximately $22 million in various cryptocurrencies. In response, Indodax has temporarily disabled both its mobile and web applications while it investigates the full extent of the breach.
Details of the Breach
The attack, which occurred on September 11, specifically targeted Indodax’s hot wallets, the online systems used to store and transact digital currencies. Blockchain investigation firms PeckShield, Cyvers, and SlowMist first alerted the public to the incident. The hacker(s) managed to extract substantial amounts of major cryptocurrencies, including Bitcoin, Tronix, Ether, Polygon, and Shiba Inu.
Breakdown of Stolen Assets
According to SlowMist’s findings, the breach originated from a vulnerability in Indodax’s withdrawal system that allowed unauthorized fund transfers from the hot wallet. Meanwhile, Cyvers suggested that additional systems, including the signature machine, might have also been compromised. Here’s a breakdown of the estimated losses by cryptocurrency:
- Bitcoin: Over $1.42 million
- Tronix (TRX): Approximately $2.4 million
- ERC-20 Tokens: Around $14.6 million
- Polygon (POL): $2.58 million
- Ether (ETH): $900,000 from the Optimism blockchain
Further investigations detected over 150 suspicious transactions spanning multiple networks. The attacker reportedly started converting the stolen assets to Ether and likely used crypto mixing services like Tornado Cash to obscure the trail.
Indodax’s Response to the Hack
In the aftermath of the breach, Indodax took swift action by shutting down its trading operations to conduct thorough system maintenance. The exchange assured its users that measures were being taken to secure all systems and assets:
- Statement from Indodax: “Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible.”
Despite the operational halt, Indodax has reassured its customers that their crypto assets remain secure.
Potential Culprits Behind the Attack
Yosi Hammer, the head of AI at Cyvers, speculated that the pattern of the attack resembles those conducted by North Korea’s Lazarus Group, which is known for sophisticated cyberattacks primarily targeting financial institutions. The Lazarus Group was also linked to another major hack in July, in which crypto exchange WazirX lost $235 million.
Global Implications and Security Concerns
This incident has highlighted significant vulnerabilities within the cryptocurrency industry, especially concerning the security of hot wallets. It underscores the need for enhanced protective measures across exchanges to safeguard investor assets and maintain trust in the digital currency markets.
The broader cryptocurrency community has reacted with concern to the rising frequency and sophistication of cyberattacks. Experts stress the importance of exchanges implementing robust security protocols and maintaining constant vigilance against potential vulnerabilities.
As Indodax works to recover from this substantial security breach, the crypto industry continues to face significant challenges in ensuring the security of digital assets. This event not only affects Indodax and its users but also serves as a critical reminder for all stakeholders in the digital currency space to prioritize and continually update their cybersecurity measures.