Indonesian crypto exchange Indodax goes offline after suspected $22M hack

Indodax suffers a significant breach, losing $22 million in crypto, including Bitcoin and Ethereum. Mobile and web services remain disabled as investigations continue.

Indonesian crypto exchange Indodax suffered a loss of approximately $22 million in various cryptocurrencies and has since disabled its mobile and web applications to investigate the breach.

On Sept. 11, multiple blockchain investigation firms, including PeckShield, Cyvers and SlowMist, reported an attack on Indodax’s hot wallets. The hacker stole large amounts of Bitcoin (BTC), Tronix (TRX), Ether (ETH), Polygon (POL) and Shiba Inu (SHIB), among other tokens.

SlowMist’s independent investigation suggested a breach in Indodax’s withdrawal system allowed the hacker to withdraw funds from the exchange’s hot wallet. Cyvers, on the other hand, believed other systems were attacked, such as the signature machine.

The hacker stole over $1.42 million in Bitcoin, $2.4 million in Tron’s TRX, over $14.6 million in various ERC-20 tokens, $2.58 million in POL and $900,000 in ETH from the Optimism blockchain.

Cyvers detected more than 150 suspicious transactions over multiple networks and reported that the hacker had started swapping the tokens to Ether. After converting their stolen funds to ETH, hackers typically use crypto mixing services such as Tornado Cash to siphon the loot anonymously.

Indodax shuts all operations to investigate hack

Shortly after the breach was revealed on social media, Indodax acknowledged the hack and informed users it would temporarily shut down its services. The company said in a statement:

“Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible.”

The crypto exchange reassured investors that their crypto assets were safe.

The Indodax website was made inaccessible to users amid the hack investigation. Source: Indodax

Yosi Hammer, head of AI at Cyvers, suspects the involvement of North Korea’s infamous cryptocurrency hackers, the Lazarus Group. He told BSCN:

“The pattern and the characteristics of the (Indodax) attack highly resemble those of North Korea’s Lazarus Group.”

According to CoinMarketCap data, Indodax has a reserve balance of $369 million, part of which could be repurposed to recoup investors’ losses.

Indodax’s financial reserves. Source: CoinMarketCap

North Korean hackers increasingly target the crypto community

The largest hack in July, in which crypto exchange WazirX lost $235 million, was also attributed to North Korea’s Lazarus Group.

While Web3 security firm Cyvers initially flagged the attack, blockchain forensics firm Elliptic told Cointelegraph that specific patterns and techniques in the WazirX attack led it to believe North Korean hackers were behind the incident.

Cryptocurrency investigator ZachXBT also reached a similar conclusion.
