- Indodax was hacked with over $22 million worth of various tokens stolen.
- The exchange confirmed the security breach by pausing platform operations for "maintenance." However, there were indications of compromised social media activities, such as a suspicious giveaway announced on Instagram, suggesting further security issues.
Indonesia-based crypto exchange Indodax was hacked for over $22 million worth of various tokens early Tuesday in an apparent attack on their hot wallets, security researchers said on X.
Over $14 million worth of tokens including ether (ETH), $2.4 million in Tron’s TRX, $1.4 million in bitcoin (BTC) and $2.5 million in Polygon’s MATIC, among smaller amounts of other tokens, were stolen in the attack, security firm Slowmist and CertiK said.
#CertiKStatsAlert 🚨@indodax suffered a security breach a few hours ago.
— CertiK Alert (@CertiKAlert) September 11, 2024
The exploiter transferred various asset tokens (~$20M) from several hot wallet addresses.
eth/pol: 0x3C02290922a3618A4646E3BbCa65853eA45FE7C6
tron: TWe5pEnPDetzxgJS4uN26VFg15wWtdcTXc
btc:…
The stolen stash was a relatively small amount as the exchange’s wallets continue to hold over $400 million worth of various tokens, Arkham data shows.
Indodax is a centralized cryptocurrency exchange established in 2014 and targets the local Indonesian market. It traded over $11 million worth of cryptocurrencies in the past 24 hours, CoinGecko data shows, and offers all tokens against the Indonesian rupiah, which is worth 15,409 IDR per U.S. dollar as of Tuesday.
Indodax confirmed the attack on their X account early Tuesday, stating that platform operations were paused due to “maintenance” activities. However, several users on X and the exchange’s Telegram channel claimed they could no longer see wallet balances.
Halo Member INDODAX,
— indodax (@indodax) September 11, 2024
Kami ingin menginformasikan bahwa team security kami menemukan potensi indikasi keamanan pada platform kami.
Saat ini, kami sedang melakukan pemeliharaan menyeluruh untuk memastikan seluruh sistem beroperasi dengan baik. Selama proses pemeliharaan ini,… pic.twitter.com/kYAc6ilERF
While platform operations remain paused, Indodax’s X account is touting a “giveaway” of Indonesian rupiah on their Instagram page - suggesting it may be compromised.
The exact mechanism of the attack remains to be determined and is not publicly known as of European morning hours.