Another one bites the dust?
Indodax, a major Indonesian crypto exchange, recently faced a significant security breach, losing around $22 million in various cryptocurrencies. In response, the exchange has disabled its mobile and web platforms while investigating the incident thoroughly.
According to the latest crypto news, the attack, discovered on September 11, was flagged by several blockchain investigation firms, including PeckShield, Cyvers, and SlowMist.
As per reports, the hacker successfully targeted Indodax’s hot wallets, stealing large amounts of Bitcoin (BTC), Tronix (TRX), Ether (ETH), Polygon (POL), Shiba Inu (SHIB), and other tokens. SlowMist estimates that over $1.42 million in Bitcoin, $2.4 million in TRX, $900,000 in ETH (from the Optimism blockchain), and over $14.6 million in various ERC-20 tokens were taken.
Additionally, the hacker made off with $2.58 million in POL.
Cyvers’ investigation uncovered more than 150 suspicious transactions across multiple networks, noting that the hacker had started converting the stolen tokens into Ether. This often precedes the use of crypto-mixing services like Tornado Cash, which help criminals obscure the origins of the illicit funds.
In response, Indodax temporarily shut down all its services, informing users that the platform would remain inaccessible until the investigation is complete. Despite the breach, the exchange reassured its users that their crypto assets were secure.
There’s speculation that North Korea’s notorious Lazarus Group may be behind this attack. Yosi Hammer, Cyvers’ head of AI, suggested that:
The pattern and the characteristics of the (Indodax) attack highly resemble those of North Korea’s Lazarus Group.”
The Lazarus Group has been linked to a growing number of high-profile crypto hacks, including a $235 million heist from WazirX in July.
Indodax currently holds a reserve balance of $369 million, according to CoinMarketCap, which may be used to cover some of the losses suffered by its users.
