On Tuesday, September 10, Indodax, the largest and most popular crypto trading platform in Indonesia, was hacked, leading to the loss of about $22M in user funds.
Several blockchain investigation firms, including SpotonChain, SlowMist, Cyvers, and PeckShield, reported the unauthorized transactions that took place across multiple networks.
According to Indodax, the hack exploit initially involved about $14.4M in crypto assets, which were converted to ETH. However, Onchain data later revealed that the stolen assets had increased to close to $20M.
Indodax Crypto Platform Lost Over $20M In Cyber Exploit
Less than 24 hours ago, the Indodax crypto platform suffered a cyber exploit, with the hacker stealing over $20M in user funds.
SlowMist, a Blockchain security firm, revealed that the hacker stole various digital assets from the Optimism blockchain, amounting to about $22M, from different hot wallets.
According to SlowMist, the hacker exploited a security breach in the platform’s withdrawal system, which enabled the exploiter to make several withdrawals from the platform’s hot wallet.
SlowMist further added that the stolen funds include over $1.42M in BTC, $2.4M in various TRC-20 tokens, more than $14.6M in various ERC-20 tokens, $2.58M in POL, and $0.9M ETH.
However, Indodax later announced that the exploiter had converted the stolen funds to major cryptocurrencies and currently holds 5,204 Ethereum tokens (~$12M), 25 Bitcoin tokens (~$1.41M), 6.84M POL tokens (~$2.56M), 16.7M Tron TRX (~$2.55M), among many other cryptocurrencies.
This cyber attack came amid the ongoing investigation into the $235M million hack suffered by WazirX, a popular crypto exchange in India, in July.
Indodax Halt Operations To Investigate The Cyber Attack
Shortly after the hack report, Indodax temporarily stopped operations on its mobile and web apps, making them inaccessible to users, to investigate the hack.
At the time of writing this news, Indodax has not opened its platform to transactions but left a message on its website to inform users that the platform is currently “updating its system.”
However, Indodax assured all its users that their crypto assets are safe and secure. Also, on its X profile, the crypto platform posted a giveaway totaling 3M RUPIAH every 1 hour for 3 winners while its website is still under maintenance.
North Korean Lazarus Hackers At Work
According to the head of AI at Cyvers, Yosi Hammer, the Lazarus group, the infamous North Korean crypto hackers, are suspected to be behind the hack.
Yosi stated that the way and pattern the Indodax platform was hacked resembles those of the Lazarus Group.
The largest cyber exploit in July, where India’s WazirX lost about $235M, was also linked to the North Korean Lazarus group.