Indodax, one of Indonesia's leading cryptocurrency exchanges, suffered a major security breach resulting in losses of approximately $20.5 million. According to Cyvers, a blockchain security firm, the attack was complex and affected multiple blockchains, with a suspected link to North Korea's Lazarus Group.
Details of the Exploit
Cyvers, a leading blockchain security firm, detected suspicious activity when 660 ETH were transferred from Indodax’s hot wallet, prompting an immediate investigation. Over 160 critical red flags were raised during the attack, indicating a breach of multiple asset chains and rapid fund transfers. The attack affected several cryptocurrencies including Bitcoin (BTC), Ethereum (ETH), Tron (TRX), and others. Initial estimates placed the losses at $18.2 million, but the latest tally revealed a total loss of $20.58 million. The breakdown of the losses includes: $13.3 million in ETH, $2.5 million in TRX, $2.5 million in MATIC, $1.4 million in BTC, and $883,000 in OP.
Indodax's Response
Following the attack, Indodax temporarily took its platform down for maintenance, assuring users that their crypto and rupiah funds were safe. In a statement on X (formerly Twitter), Indodax mentioned that complete maintenance is underway to ensure platform security. However, the exchange has not provided further details about how the breach occurred or the measures being taken to prevent future incidents.
Previous Security Challenges for Indodax
This is not the first time Indodax has faced security-related issues. In June 2023, Indonesian authorities arrested two fraudsters who impersonated Indodax on fake social media accounts. These individuals lured victims with fake investment opportunities, stealing around 625 million Indonesian Rupiah (approximately $40,500). While this incident was unrelated to the current exploit, it underscores the security challenges faced by the exchange.
The breach at Indodax is just one in a series of high-profile crypto attacks this year. According to Immunefi’s Q2 2024 Crypto Losses Report, cybercrime in the crypto industry has significantly surged. In Q2 alone, nearly $570 million was stolen across various platforms, following $200 million in losses during Q1.
Comments