Indodax, Indonesia’s largest cryptocurrency exchange, was hit by a massive cyber attack on September 11, 2024. It resulted in the loss of $22 million. The attack was aimed at hot wallets, and the attackers made away with BTC, ETH, and TRX, among others.
Therefore, Indodax has ceased operations to fix the vulnerability and avoid more losses after the breach.
Hack Hits Indodax Hot Wallets
Security firms SlowMist and CertiK identified the hot wallets of Indodax as hacked. The hack allowed attackers to withdraw more than $22 million in tokens. Among the stolen assets there were $1.4 million in Ethereum, $2.4 million in Tron, $1.4 million in Bitcoin, and other cryptocurrencies.
Blockchain analysis showed that more than 150 doubtful transactions took place prior to the funds being transferred to Ethereum.
The breach is quite severe, but the exchange still has more than $400 million worth of tokens on its platform. Nevertheless, the exchange suspended all platform activities and claimed the move was to perform ‘maintenance.’ Users complained of missing wallet funds, thus questioning the hackers’ scope of the attack.
Possible Lazarus Group Involvement
Yosi Hammer, head of Artificial Intelligence at Cyvers, stated that the tactics adopted in the attack resembled previous hacks. And the said tactics were linked to the Lazarus Group of North Korea.
This notorious group has been associated with several large scale cryptocurrency thefts including the recent Ronin Network hack. The hackers are reportedly in the process of laundering the stolen assets. They may choose to use Tornado Cash to anonymize the transactions.
The exact way in which the attack was carried out is still being analyzed by blockchain security professionals. Some believe that Indodax’s withdrawal systems were hacked, while others think that the signature machine was used to approve the transactions that were not supposed to be approved. Despite the lack of specific information, the public has been advised to exercise caution.
Rising Crypto Crimes and Regulatory Challenges
This incident is not a standalone case as there has been an increase incrypto-related crimes in recent times. On September 9, 2024, the U. S. FBI revealed that crypto fraud and scams had risen by 45% in 2023 compared to the previous year.
The total of losses were estimated to have reached more than $5.6 billion. As for cryptocurrencies, the FBI has noted that due to their decentralization, they are easily used for theft and money laundering.
FBI Director Christopher Wray encouraged public to report similar crimes saying that this will help the authorities formulate new strategies. As such, crypto transactions are transparent and can be easily tracked. However, they can be easily transferred to another country, making it hard for law enforcement to pursue culprits.
This has consequently resulted in people demanding for tightening of laws, in a bid to shield investors from such risks.
Indodax Reassures Users but Faces Scrutiny
To this end, Indodax has sought to calm its users by revealing that all cryptocurrencies and fiat money balances are safe from the recent hack. Unfortunately, the exchange’s Instagram account was also compromised and used to promote a fraudulent giveaway, which only casts doubt on the platform’s security.
However, there are some concerns that some of these exchanges may not have adequate protection mechanisms to safeguard investors. Since its establishment in 2014, Indodax has become one of the biggest crypto trading platforms in Indonesia, with more than 4.3 million registered users.
The company has been approved by the Commodity Futures Exchange Supervisory Board as well as the Ministry of Communication and Information of the Republic of Indonesia. Nevertheless, this hack has given rise to some concerns. There are doubts about the efficiency of these measures and whether more supervision is required in the sphere of cryptocurrencies.
The Indodax breach is the most recent of the many crypto exchange hacks that have occurred in the past. Peckshield, a blockchain security company, identified over 10 major hacks in August 2024, with losses amounting to $313.86 million.
A Question of Safety
These attacks were mainly phishing and unauthorized transactions, which prove that the biggest and the most successful social networks are still not safe enough. With the increasing usage of cryptocurrencies all around the world, the risks connected with it, are also increasing.
By 2024, cryptocurrencies have became more popular. They are adopted by the mainstream financial markets with the launch of ETFs and a high level of political participation. However, the risks are increasingly coming to light as both the retail and institutional investors are victims of a growing number of complex attacks.
