Indodax Hacked for $22M as Lazarus Group Suspected, Exchange Halts Operations

Indodax, Indonesia's largest cryptocurrency exchange, was hit by a massive cyber attack on September 11, 2024. It resulted in the loss of $22 million.

Indonesia’s largest cryptocurrency exchange, Indodax, was hit by a cyber attack on September 11, 2024, which resulted in the loss of $22 million. The attack was aimed at hot wallets, and the attackers made away with BTC, ETH, TRX, among others.

Therefore, Indodax has ceased operations to fix the vulnerability and avoid more losses after the breach.

Hack Hits Indodax Hot Wallets

The hot wallets of Indodax were hacked, which was later identified by SlowMist and CertiK. The hack allowed attackers to withdraw more than $22 million in tokens. Among the stolen assets were $1.4 million in Ethereum, $2.4 million in Tron, $1.4 million in Bitcoin, and other cryptocurrencies.

Blockchain analysis showed that more than 150 doubtful transactions took place prior to the funds being transferred to Ethereum.

Indodax(@indodax) was hacked for $22M 10 hours ago, including:

6.14M $USDT;

1,047 $ETH($2.48M);

25 $BTC ($1.41M);

2.2M $MATIC($849K);

1.4M $ARB($749.6K);

2M $ENA($465K);

…

The hacker has converted most of the stolen assets into native tokens and currently holds: 5584… pic.twitter.com/mX2wmj75k7

The breach is quite severe, but the exchange still has more than $400 million worth of tokens on its platform. Nevertheless, the exchange suspended all platform activities and claimed the move was to perform ‘maintenance.’ Users complained of missing wallet funds, thus questioning the hackers’ scope of the attack.

Possible Lazarus Group Involvement

The tactics adopted in the attack resembled previous hacks, which were linked to the Lazarus Group of North Korea, stated Yosi Hammer, head of Artificial Intelligence at Cyvers.

This notorious group has been associated with several large scale cryptocurrency thefts including the recent Ronin Network hack. The hackers are reportedly in the process of laundering the stolen assets. They may choose to use Tornado Cash to anonymize the transactions.

ALERT?

Hey @indodax , Our system has detected multiple suspicious transactions involving your wallets on different networks. Suspicious address already holds 14.4 million USD and swapping the tokens to Ether.

Want to keep your company off our alerts radar? Learn how to secure… pic.twitter.com/Lzpi5uthXS

The exact way in which the attack was carried out is still being analyzed by blockchain security professionals. Some believe that Indodax’s withdrawal systems were hacked, while others think that the signature machine was used to approve the transactions that were not supposed to be approved. Despite the lack of specific information, the public has been advised to exercise caution.

Rising Crypto Crimes and Regulatory Challenges

This incident is not a standalone case as there has been an increase in crypto-related crimes in recent times. On September 9, 2024, the U. S. FBI revealed that crypto fraud and scams had risen by 45% in 2023 compared to the previous year.

The total of losses were estimated to have reached more than $5.6 billion. As for cryptocurrencies, the FBI has noted that due to their decentralization, they are easily used for theft and money laundering.

FBI Director Christopher Wray encouraged public to report similar crimes saying that this will help the authorities formulate new strategies. As such, crypto transactions are transparent and can be easily tracked. However, they can be easily transferred to another country, making it hard for law enforcement to pursue culprits.

This has consequently resulted in people demanding for tightening of laws, in a bid to shield investors from such risks.

Indodax Reassures Users but Faces Scrutiny

To this end, Indodax has sought to calm its users by revealing that all cryptocurrencies and fiat money balances are safe from the recent hack. Unfortunately, the exchange’s Instagram account was also compromised and used to promote a fraudulent giveaway, which only casts doubt on the platform’s security.

However, there are some concerns that some of these exchanges may not have adequate protection mechanisms to safeguard investors. Since its establishment in 2014, Indodax has become one of the biggest crypto trading platforms in Indonesia, with more than 4.3 million registered users.

The company has been approved by the Commodity Futures Exchange Supervisory Board as well as the Ministry of Communication and Information of the Republic of Indonesia. Nevertheless, this hack has given rise to some concerns. There are doubts about the efficiency of these measures and whether more supervision is required in the sphere of cryptocurrencies.

The Indodax breach is the most recent of the many crypto

The above is the detailed content of Indodax Hacked for $22M as Lazarus Group Suspected, Exchange Halts Operations. For more information, please follow other related articles on the PHP Chinese website!