Hackers Breached IndoDax Suffered a $18 Million Loss

On September 10, 2024, CyberAlert, a leading blockchain security firm, disclosed a major security breach affecting IndoDax, a prominent Indian cryptocurrency exchange. The attack resulted in an estimated loss of 24.2 billion won (approximately $18.2 million).

The breach involved over 150 suspicious transactions, raising concerns about IndoDax’s security protocols and the safety of user funds.

The hacker’s suspected wallet currently holds $14.4 million in cryptocurrency, with a portion already converted to ETH (Ethereum). This incident joins a growing number of high-profile cryptocurrency exchange hacks, underscoring the urgent need for enhanced security measures in the digital asset sector.

CyberAlert’s investigation revealed that the breach targeted IndoDax’s wallet system, enabling the hacker to steal millions in cryptocurrency. IndoDax, being one of India’s largest cryptocurrency exchanges, serves thousands of users who rely on it to trade digital assets like Bitcoin, Ethereum, and others. The scale of the theft and the detection of over 150 unusual transactions make this hack particularly alarming.

The attack appears meticulously planned, with the hacker swiftly moving a part of the stolen funds to exchange for Ethereum on decentralized exchanges. This tactic, commonly employed by hackers, aims to obscure the trail of stolen assets, hindering authorities’ efforts to track and recover the funds.

Hacks Damage on IndoDax

The total estimated loss stands at $18.2 million, with $14.4 million remaining in the hacker’s suspected wallet. CyberAlert has confirmed the hacker’s active conversion of some stolen funds into ETH, a common practice in cryptocurrency hacks to quickly liquidate stolen assets and make tracing more difficult.

While exchanges have occasionally successfully tracked and recovered some stolen funds in the past, the success rate is generally low. The hacker’s conversion of a portion of the stolen funds into Ethereum adds complexity to the investigation, as Ethereum can be further exchanged for other assets or moved through multiple wallets to evade detection.

However, it is not the first time a cryptocurrency exchange has been targeted by hackers; these incidents have become increasingly frequent in recent years. Hackers are constantly refining their methods, making it challenging for exchanges to stay ahead of potential threats. IndoDax now joins a list of exchanges that have fallen victim to large-scale security breaches, including Mt. Gox, Bitfinex, and Coincheck.

Despite advancements in blockchain security technology, the decentralized and pseudonymous nature of cryptocurrencies can make them particularly vulnerable to hacking attempts. While blockchain itself is secure, the exchanges and wallet providers that store and manage crypto assets on behalf of users are frequent targets for cybercriminals.

Notably, as of this writing, IndoDax has not released an official statement regarding the hack. However, multiple sources, including CyberAlert and various blockchain security trackers, have reported the security breach. Given the exchange’s size and the extent of the damage, IndoDax is likely to face significant scrutiny from regulators and customers in the coming days.