Indonesian crypto exchange Indodax fell victim to a hack, in which $22 million in value was stolen. Details of the attack were shared by SlowMist in this X-post.

🚨SlowMist Security Alert🚨

Indonesian crypto exchange @indodax suffered an attack a few hours ago, with the hacker stealing various tokens from hot wallets. The total loss is approximately $22 million💸. Below are the details of the losses⬇️ pic.twitter.com/r4i0rBbctJ
— SlowMist (@SlowMist_Team) September 11, 2024

After investigation by blockchain research companies such as Cyvers, PeckShield and SlowMist, it was found that an attack had been made on the exchange's hot wallets. In the process, the hackers stole large amounts of Bitcoin, Ethereum, Polygon, Tron and Shiba Inu.

According to SlowMist's investigation, a vulnerability in the crypto exchange's recording system made the hack possible. Cyvers reports, however, that the method of attack likely targeted other systems, such as the signature machine.

Most of the stolen value, $14.6 million, was taken from the crypto exchange in the form of ERC-20 tokens. In addition, the hackers stole "only" $1.4 million worth of Bitcoin. According to Cyvers, the hackers converted the tokens into Ether and tried to disguise the origin by using crypto-mixers such as Tornado Cash.

After the hack came to light, Indodax informed its users that the exchange would go offline to plug the security holes. They planned to perform a "full maintenance" so that the system would soon be fully and securely functioning again.

The leader of the AI department at Cyvers, Yosi Hammer, suspects that the North Korean hacker group Lazarus is behind the theft. The pattern of the attack on the crypto exchange Indodax is said to be very similar to that of the Lazarus Group.

The Lazarus Group is known as a notorious hacker in the crypto world. The attack on the Indian crypto exchange WazirX would have been carried out by this group.