Indodax, an Indonesian cryptocurrency exchange, is the most recent victim of a cyber attack. It has been speculated that the North Korean Lazarus Group may have orchestrated the incident.
Cyber security platforms PeckShield, SlowMist and Cyvers have confirmed the existence of this malware.
Indodax was targeted by the attack and a total of $22,000,000 worth of cryptocurrencies, including Bitcoin, Ether and Tron, was stolen.
Cyvers reports that the thieves made 150 transactions and immediately began to exchange the stolen assets for Ether. This is a common tactic used by criminals to avoid the assets being blacklisted.
Ether itself is native to Ethereum and carries no per-address permissions that an issuer can alter. ERC-20 tokens, however, can use a mapping inside their smart contract to keep a list of blacklisted addresses and refuse transfers to or from them.
The attackers will often launder stolen funds via Tornado Cash, a cryptocurrency mixer.
Details about the attack
The heist in this case involved more than $1.4 million worth of Bitcoin, $2.4 million in Tron tokens and over $14 million in ERC-20 tokens. Around $2.58 million in POL was also stolen, as well as $900,000.
Cyvers claims that the attack was caused by a leaked private key of an Indodax hot wallet, which could have been due to a breach of Indodax's signature machine, the device used to approve and sign transactions.
SlowMist estimates that this exploit was caused by a flaw in the withdrawal system of the exchange, which enabled the attackers to steal funds from hot wallets.
Indodax, meanwhile, suspended its services after admitting the security breach. Its website was down as of the publication date.
The platform posted on X that it “was conducting a complete service” and assured its users their money was safe.
The exchange warned its users in a post that they should avoid entities that pretend to be Indodax and offer fund recovery services.
Fraudsters use this common tactic to trick people who have experienced a security breach into sending them money by falsely promising that they will help retrieve their funds.
The exchange announced that it would give away 3 million Rupiah ($200) per hour to three lucky winners to provide relief for its users while the maintenance is ongoing. This is a very unusual move in such a situation.
Indodax, however, has an impressive reserve of $369m, according to CoinMarketCap, which could help to compensate investors.
Lazarus group suspected
Yosi Hammer, the Head of AI for Cyvers, suggested the attacks were similar to those carried out previously by the Lazarus Group, a notorious North Korean crypto-heist group.
Lazarus was also suspected of being behind the attack of July 18, 2018 on the Indian crypto exchange WazirX. Tornado Cash was used to launder $230 million in assets stolen from WazirX's hot wallets.
That severe attack led to the platform's complete closure. It is currently pursuing a Scheme of Arrangement in Singapore.
ICD has previously revealed that the state-backed North Korean hacking group was involved in 25 hacks of various blockchains between August 2020 and October 2023.
This post, "Indodax hack for $22 Million, Lazarus Group suspect", may be updated as new developments unfold.