Indonesian cryptocurrency exchange Indodax has gone offline following a suspected hack that led to the theft of around $22 million in various digital assets. The breach, revealed on September 11, prompted the exchange to disable its web and mobile platforms to investigate the incident.
Blockchain investigation firms, including PeckShield, Cyvers, and SlowMist, reported that Indodax’s hot wallets had been compromised. The hacker reportedly stole significant amounts of Bitcoin, Tronix, Ether, Polygon (POL), Shiba Inu, and other tokens. SlowMist’s analysis suggested that a vulnerability in Indodax’s withdrawal system allowed the hacker to siphon funds from the exchange’s hot wallet. Cyvers proposed that other systems, such as the signature machine, might have also been targeted.
The stolen assets included over $1.42 million in Bitcoin, $2.4 million in Tron (TRX), $14.6 million in ERC-20 tokens, $2.58 million in Polygon (POL), and $900,000 in Ether from the Optimism blockchain. Over 150 suspicious transactions were detected across multiple networks, with the hacker reportedly converting the stolen tokens into Ether, a common tactic used before laundering funds through crypto mixing services like Tornado Cash.
Indodax swiftly acknowledged the breach on social media, announcing a temporary shutdown of its services to ensure system integrity. The exchange reassured its users that their assets remained secure.
Yosi Hammer, head of AI at Cyvers, pointed to possible involvement by North Korea’s notorious Lazarus Group, known for previous high-profile crypto heists, suggesting the attack bore similar hallmarks.
With a reserve balance of $369 million, Indodax could potentially utilize these funds to compensate affected investors. The incident underscores a growing trend of North Korean hackers targeting the cryptocurrency sector.