
Cryptocurrency exchange Indodax suffered losses of $22 million as a result of the attack
September 12, 2024
On September 11, several blockchain investigation companies reported an attack on the hot wallets of the Indodax exchange.
Investigation by SlowMist and Cyvers
An independent investigation conducted by SlowMist revealed that the criminals exploited a vulnerability in Indodax’s withdrawal system. This allowed them to gain access to the exchange’s hot wallet and withdraw assets. Additionally, Cyvers believes that the attack affected other security systems, particularly the signing machine.
Extent of the damage
According to reports, hackers stole over $1.42 million in BTC, $2.4 million in TRX, more than $14.6 million in ERC-20 tokens, $2.58 million in POL, and $900,000 in ETH from the Optimism blockchain. The total value of the stolen assets exceeded $21 million.
Shortly after the breach was reported on social media, Indodax acknowledged the attack and informed users about the temporary suspension of its services. The statement said that maintenance is underway to restore the system’s proper functioning. For now, the exchange’s website and app are unavailable.
Suspected involvement of Lazarus Group
The head of artificial intelligence at Cyvers expressed suspicion that North Korean hackers from the Lazarus Group, notorious for large-scale crimes in the cryptocurrency sector, may be behind the attack.