Indodax, the largest crypto exchange in Indonesia, has become the latest victim of a security breach, losing $22 million worth of assets to the explioters.
Following the unresolved exploit of India’s WazirX, this incident marks the second major hack in the Asian crypto market this year.
How Did Indodax Lose $22M to Hackers?
The security breach at Indodax has been flagged by several blockchain security and transaction tracking services including SlowMist, Cyvers, PeckShield, and Spot On Chain. This exploit has sparked concerns about the vulnerability of user funds on centralized crypto exchanges.
SlowMist’s investigation revealed that the Indodax breach was caused by a vulnerability in the exchange’s withdrawal system, enabling the hacker to withdraw funds from Indodax’s hot wallet.
The hacker has already swapped most of the stolen tokens for other coins. The current holdings of the hacker include 5,584 ETH ($13 million) on the Ethereum and Optimism network, 6.84 million POL ($2.56 million) on Polygon, 16.7 million TRX ($2.55 million) on Tron, and 25 BTC ($1.41 million).
Indodax Reassures Users
Following the reports from various blockchain security firms, Indodax announced that its security team has detected a potential security issue on the platform, resulting in a maintenance check to ensure the system’s integrity. At press time, users were unable to access the Indodax web and mobile applications.
The exchange reassured its customers that their balances in both crypto and rupiah, the Indonesian local currency are 100% safe. The maintenance aims to enhance the exchange’s security and convenience of transactions. Indodax will provide further updates once the investigation is complete, keeping users informed about the status of their platform.
The hack has left Indodax in a vulnerable position. With its growing popularity, the attack’s timing and impact are particularly concerning. The Indonesian platform has expanded its user base from 9.9 million in 2021 to over 28 million in 2024. The recent exploit can reduce users’ confidence in the exchange resulting in their scouting for other exchanges with clean records.
The growing hacks on centralized exchanges reveal their vulnerabilities and users need to consider alternative secure options like decentralized exchanges (DEXs) and cold storage.
