Indodax Suffers Crypto Hack, Lazarus Group Suspected To Be Responsible

The Indonesian crypto exchange Indodax recently suffered a crypto hack, with the exploiter stealing $20 million. Blockchain security firm Cyvers revealed that North Korea’s hacker crew, Lazarus Group, might be responsible for the exploit. Onchain data shows that the hacker swapped the stolen funds for major crypto assets, including Bitcoin and Ethereum.

Indodax Loses $20 Million In Crypto Hack

A SpotOnChain report showed that the Indonesian crypto exchange Indodax had suffered a $20 million crypto hack. The platform further stated that the hacker had swapped most of the stolen assets for native cryptocurrencies. The hacker currently holds 5,204 ETH ($12 million), 25 BTC ($1.41 million), 6.84M POL ($2.56 million), and 16.7M TRX ($2.55 million), among several other crypto assets.

Meanwhile, Indodax has yet to release a complete report on how the crypto hack occurred. Following the exploit, the crypto exchange informed its customers in an X post that their security team had discovered a “potential security issue” and was conducting complete maintenance to ensure that their entire system was operating properly.

Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible. But don’t worry, we can assure you that your balance remains 100% safe both in crypto and rupiah.

The exchange’s co-founder, William Sutanto, assured customers that their assets were safe and that there was no need for them to worry as the platform would cover the losses from the exploit. In an update on September 13, Sutanto mentioned while the platform is still under maintenance, they have made progress, having found the security hole exploit that the attacker used.

He added that they are working to remove the hole and are also currently working with world-class cybersecurity consulting firms to audit the platform to ensure there are no more backdoors in the system. He confirmed that the exchange will recommence operations once the audit is done. Sutanto also again assured users that their assets are safe and that they will be able to trade them as usual once the platform is back up.

Lazarus Group Suspected of the Crypto Hack

Lazarus Group is suspected to be responsible for the crypto hack on Indodax. Cyvers Head Of Ai Yosi Hammer’s statement noted that the pattern in which the exploit was carried out resembles that of the North Korean hacker group. Lazarus Group is known for carrying out some of the largest crypto hacks. In 2023, the group stole over $300 million across several exploits.

This may not be the first time that Indodax has been a victim of the Lazarus Group. In 2018, the hacker group hacked an Indonesian crypto exchange, which is believed to have been Indodax. Following the exploit, the group stole almost $25 million.

Crypto Crimes Remain A Concern

The recent exploit on the Indonesian crypto exchange Indodax again highlights how crypto scams remain a major concern. In July, the Indian exchange WazirX was hacked, with $230 million stolen. Amid an ongoing investigation, the hacker has continued to move the stolen funds. Coingape recently reported that the WazirX hacker transferred 10,000 ETH ($23 million). The hacker moved 5,000 ETH through Tornado Cash to make them untraceable, while the other half was moved to another address so they could launder the funds.

In a bid to fight crypto crimes, Tether and TRON recently collaborated to form the T3 financial crime unit alongside TRM labs. Although the unit’s major focus will be to fight illicit activities involving USDT, it is a step in the right direction as more crypto stakeholders collaborate to combat crypto exploits.