The major Indonesian crypto exchange Indodax suffered a hack today that resulted in the loss of $22 million. The incident forced one of the country’s largest platforms used to trade digital assets to temporarily halt its operations, leaving 6.8 million customers in a state of complete uncertainty.
Several blockchain research and security firms, including PeckShield, Cyvers and SlowMist, identified the incident after spotting unusual and highly suspicious activity on Indodax’s hot wallets, the internet-connected wallets an exchange uses to settle customer withdrawals quickly (as opposed to cold storage, whose keys are kept offline).
Cyvers identified over 150 transactions across multiple blockchain networks. The scale and coordination of the attack suggest sophisticated perpetrators who had prepared the breach for some time.
Although initial estimates pointed to nearly $15 million stolen, updated information shared with Bitcoin.com News ultimately pointed to a total of $22 million.
Stolen Assets Include Over 5,000 ETH Tokens and 25 BTC
indodax appears to have contained the worst of the damage *knocks on wood*
Sept 10 2024 19:04 UTC – 22:11 UTC
$21.1m stolen
methodical
25.01 btc – $1.44m
bc1q5uqpn0ha5llrvhcvkq3nfalp8fj7qe3rydcvmf
16.7m trx – $2.55m
TBooefeY6FvGuyKfvp5yE1HmzhzvXnvA1P
Misc erc-20s on ethereum… pic.twitter.com/bDyEwJ4uEN
— Tay 💖 (@tayvano_) September 11, 2024
The hackers extracted a wide array of cryptocurrencies from Indodax’s hot wallets. A breakdown of the stolen assets compiled by the independent researcher Tay (@tayvano_) gives further detail on the theft:
- 5,204 Ethereum (ETH), valued at $12.37 million.
- 8 million POL tokens, worth $2.64 million.
- 16.7 million Tron (TRX) tokens, totaling $2.55 million.
- 25.01 Bitcoin (BTC), estimated at $1.44 million.
- Miscellaneous ERC-20 tokens worth $1.2 million.
- 380 ETH on the Optimism network, valued at $900,000.
The long list of assets siphoned off in the hack indicates that the perpetrators controlled several hot wallets, since the outflows came from distinct addresses on Bitcoin, Tron, Ethereum, Polygon and Optimism. One caveat: Ethereum, Polygon, Optimism and Tron all derive addresses from the same secp256k1 key type, so a chain count alone does not prove how many keys were taken; the Bitcoin outflow, which uses a different address scheme, and the separate exchange wallets per chain are the stronger evidence.
Indodax Halts Operations and Claims Funds Are Safe
“We would like to inform you that our security team has discovered a potential security issue on our platform,” Indodax informed users through its X account.
It also told users that it would temporarily disable its mobile application and web platform as a precautionary measure while carrying out “complete maintenance” to prevent further damage.
In a statement aimed at reassuring its users, Indodax said: “don’t worry, we can assure you that your balance remains 100% safe both in crypto and rupiah.” The crypto community, however, received this notice with skepticism given the scale of the hack and the on-chain evidence published by security firms.
Indodax has provided no specific details about how the breach occurred or who may be behind it, nor has it confirmed the extent of the losses.
Its decision to halt all operations, although necessary, also raises questions about its business continuity plans.
Meanwhile, in a move that raised further eyebrows, the exchange ran a giveaway 12 hours ago of 3 million rupiah (around $200) every hour to 3 winners while the system remained “under maintenance.”
Crypto Experts Believe North Korean Hackers Could Be Behind the Breach
One of the most intriguing aspects of the Indodax hack is the suspected involvement of the infamous Lazarus Group, a hacking collective that is allegedly sponsored by the North Korean government.
Several cybersecurity experts have pointed out similarities between this attack and previous operations attributed to the Lazarus Group.
Yosi Hammer, Head of AI at Cyvers, commented on the speculation surrounding the Lazarus Group’s involvement:
We identified a significant security breach targeting Indodax’s hot wallet, resulting in a loss of over $20.5 million across multiple chains. Our real-time monitoring systems flagged 160 critical red flags at the onset, beginning with a transfer of 660 ETH. The attack exhibited characteristics typical of sophisticated hacking groups, such as the Lazarus Group, known for their rapid asset transfers, access control violations, and multiple swaps.
However, Hammer cautioned against premature attribution, stating that while the attack resembles other incidents in which the Lazarus Group’s involvement was confirmed, further investigation is needed to establish these ties.
The firm is now focusing on whether the laundering of the stolen funds matches the patterns typically observed in Lazarus Group operations, such as rapid swaps into ETH followed by movement through mixers and bridges.
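The monitoring Cyvers describes above (an alert stream that starts with one outsized transfer and escalates as the drain spreads across chains) is simple to reproduce in principle. The following is an added example, not Cyvers’ or Indodax’s code: a streaming outflow monitor that scores each transfer leaving a monitored hot wallet against a per-wallet baseline and raises three kinds of alert: an outsized single transfer, a trailing-window drain, and a coordinated multi-chain drain once several chains are alerting within the same window. The wallet labels, addresses, baselines, dollar values and the $2,380/ETH price assumed for the 660 ETH transfer are all constructed for the demonstration; the sample drain is only shaped after the figures quoted in the article.

```python
"""Streaming outflow monitor for exchange hot wallets (added example, not Cyvers' code)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    chain: str      # "ethereum", "bitcoin", "tron", "optimism"
    wallet: str     # label of the monitored hot wallet the funds left
    dst: str        # destination address (constructed for the demo)
    usd: float      # USD value at the time of the transfer


@dataclass(frozen=True)
class Alert:
    rule: str
    ts: datetime
    wallet: str
    detail: str


@dataclass(frozen=True)
class Baseline:
    single_usd: float   # typical size of one customer withdrawal (assumed)
    window_usd: float   # normal total outflow inside one trailing window (assumed)


@dataclass
class WalletState:
    recent: Deque[Transfer] = field(default_factory=deque)  # transfers inside the window
    known_dst: Set[str] = field(default_factory=set)
    window_usd: float = 0.0
    drain_flagged: bool = False  # window_drain already raised for the current surge


class OutflowMonitor:
    """Flags outsized transfers, window-level drains and cross-chain coordination."""

    def __init__(self, baselines: Dict[str, Baseline],
                 window: timedelta = timedelta(minutes=15),
                 single_mult: float = 10.0, chains_for_escalation: int = 3):
        self.baselines = baselines          # only monitored wallets are accepted
        self.window = window
        self.single_mult = single_mult
        self.chains_for_escalation = chains_for_escalation
        self.state: Dict[str, WalletState] = defaultdict(WalletState)
        self.chain_last_alert: Dict[str, datetime] = {}
        self.last_escalation: Optional[datetime] = None

    def _expire(self, st: WalletState, base: Baseline, now: datetime) -> None:
        # Drop transfers older than the window; re-arm the drain rule once outflow is normal again
        while st.recent and now - st.recent[0].ts > self.window:
            st.window_usd -= st.recent.popleft().usd
        if st.window_usd < base.window_usd:
            st.drain_flagged = False

    def observe(self, t: Transfer) -> List[Alert]:
        base = self.baselines[t.wallet]
        st = self.state[t.wallet]
        self._expire(st, base, t.ts)
        first_seen = t.dst not in st.known_dst
        st.known_dst.add(t.dst)
        st.recent.append(t)
        st.window_usd += t.usd

        alerts: List[Alert] = []
        if t.usd >= self.single_mult * base.single_usd:
            where = "first-seen" if first_seen else "known"
            alerts.append(Alert("outsized_transfer", t.ts, t.wallet,
                                f"${t.usd:,.0f} is {t.usd / base.single_usd:.0f}x typical, to {where} address {t.dst}"))
        if st.window_usd >= base.window_usd and not st.drain_flagged:
            st.drain_flagged = True
            alerts.append(Alert("window_drain", t.ts, t.wallet,
                                f"${st.window_usd:,.0f} left within {self.window} vs normal ${base.window_usd:,.0f}"))
        if alerts:
            # Escalate once per window when enough distinct chains are alerting at the same time
            self.chain_last_alert[t.chain] = t.ts
            active = sorted(c for c, ts in self.chain_last_alert.items() if t.ts - ts <= self.window)
            if len(active) >= self.chains_for_escalation and (
                    self.last_escalation is None or t.ts - self.last_escalation > self.window):
                self.last_escalation = t.ts
                alerts.append(Alert("coordinated_drain", t.ts, t.wallet,
                                    f"{len(active)} chains draining within {self.window}: {', '.join(active)}"))
        return alerts

    def run(self, transfers: Iterable[Transfer]) -> List[Alert]:
        out: List[Alert] = []
        for t in sorted(transfers, key=lambda x: x.ts):
            out.extend(self.observe(t))
        return out


def _t(hh: int, mm: int) -> datetime:
    return datetime(2024, 9, 10, hh, mm, tzinfo=timezone.utc)


BASELINES = {  # assumed per-wallet baselines, constructed
    "eth_hot": Baseline(20_000, 200_000),
    "btc_hot": Baseline(15_000, 150_000),
    "tron_hot": Baseline(5_000, 50_000),
    "op_hot": Baseline(5_000, 30_000),
}

SAMPLE_TRANSFERS = [
    # ordinary customer withdrawals (constructed)
    Transfer(_t(18, 0), "ethereum", "eth_hot", "0xcust1", 15_000),
    Transfer(_t(18, 5), "bitcoin", "btc_hot", "bc1qcust1", 12_000),
    Transfer(_t(18, 10), "tron", "tron_hot", "Tcust1", 4_000),
    Transfer(_t(18, 20), "ethereum", "eth_hot", "0xcust2", 18_000),
    # constructed drain shaped after the article's figures; 660 ETH at an assumed $2,380/ETH
    Transfer(_t(19, 4), "ethereum", "eth_hot", "0xattacker", 660 * 2_380),
    Transfer(_t(19, 6), "ethereum", "eth_hot", "0xattacker", 900_000),
    Transfer(_t(19, 10), "tron", "tron_hot", "Tattacker", 1_000_000),
    Transfer(_t(19, 15), "bitcoin", "btc_hot", "bc1qattacker", 1_440_000),
    Transfer(_t(19, 20), "optimism", "op_hot", "0xattacker", 900_000),
]


def demo_alerts() -> List[Alert]:
    return OutflowMonitor(BASELINES).run(SAMPLE_TRANSFERS)


def count_by_rule(alerts: Iterable[Alert]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for a in alerts:
        counts[a.rule] += 1
    return dict(counts)


if __name__ == "__main__":
    for a in demo_alerts():
        print(f"{a.ts:%H:%M} {a.rule:<18} {a.wallet:<9} {a.detail}")
```

The four normal withdrawals produce no alerts; the first drain transfer trips both the outsized and window rules at 19:04, and the coordinated-drain escalation fires at 19:15 when Ethereum, Tron and Bitcoin are all alerting inside one window. In production the baselines would be learned from the wallet's own history and the `coordinated_drain` alert would be wired to an automatic withdrawal pause, since a drain that lasts three hours, as this one did, leaves ample time for an automated response.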
The Lazarus Group has been implicated in several high-profile cryptocurrency hacks in recent years, including the $235 million theft from the WazirX exchange in July 2024. These attacks are believed to be part of a broader strategy by North Korea to circumvent international sanctions and amass foreign currencies and crypto assets through cybercrime.
The frequency of these attacks has alarmed authorities. A report from the Federal Bureau of Investigation (FBI) found that in 2023 alone nearly 70,000 complaints of crypto-linked crime and financial fraud involving digital assets were filed with the agency.
The financial losses from these incidents amounted to nearly $6 billion, with investment fraud alone accounting for almost $4 billion in losses to individuals and organizations in the United States.
FBI Director Christopher Wray emphasized how worrisome the threat is by stating: “Scams targeting investors who use cryptocurrency are skyrocketing in severity and complexity. The best way to help stop these crimes is for people to report them.”
Cyvers: Indodax Private Keys May Have Been Compromised
SlowMist claims that the hackers may have taken advantage of a vulnerability in the exchange’s withdrawal system. This weakness allowed them to bypass the security protocols and permitted the execution of unauthorized withdrawals.
🚨ALERT Hey @indodax , Our system has detected multiple suspicious transactions involving your wallets on different networks. Suspicious address already holds 14.4 million USD and swapping the tokens to Ether.
Want to keep your company off our alerts radar? Learn how to secure… pic.twitter.com/Lzpi5uthXS
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) September 10, 2024
Meanwhile, Cyvers said the breach could be the result of a compromised system, including the exchange’s signing machine, the system that holds the keys and signs withdrawal transactions. Deddy Lavid, CEO of Cyvers, told BeInCrypto that the intruders may have gained access to the platform’s private keys, which control the hot wallets.
The two assessments are not mutually exclusive, but they matter for the defense: a flaw in the withdrawal logic can be patched, whereas a stolen private key lets the attacker sign directly from outside the platform, so application-layer withdrawal checks no longer apply. The discrepancy highlights the complexity of the attack and the difficulty investigators face in piecing together the exact sequence of events. It also underlines why exchanges need multiple independent layers: keys held in an HSM or MPC setup that enforces spending policy at signing time, hard caps on hot-wallet balances so a single compromise is bounded, and on-chain outflow monitoring that can pause withdrawals automatically.
The Indodax hack will likely attract scrutiny from Indonesian financial regulators and could lead to calls for stricter oversight of cryptocurrency exchanges operating in the country. Indonesia, like many other nations, has been struggling to come up with appropriate regulations for the sector.
Since it is unclear how much money was lost and the extent to which users’ assets have been affected, Indodax must first come out with an official statement that provides additional details about the breach.
Moving forward, the exchange will need to address the technical vulnerabilities that led to the breach and work to rebuild trust with its user base. This incident will likely prompt other exchanges to reassess their own security protocols and disaster recovery plans.