Indonesia’s Largest Centralized Exchange Suffers $18 Million Exploit: Report

Indodax, Indonesia’s largest centralized cryptocurrency exchange, has reportedly suffered an exploit resulting in a total loss of $18.2 million.

Following the incident, the team acknowledged the security breach and temporarily suspended operations for maintenance, reassuring users that their funds remained safe.

$18.2 Million Exploit

On September 11, Cyvers Alerts took to X to notify the exchange of suspicious transactions. “Our system has detected multiple suspicious transactions involving your wallets on different networks,” the company stated.

ALERTHey @indodax , Our system has detected multiple suspicious transactions involving your wallets on different networks. Suspicious address already holds 14.4 million USD and swapping the tokens to Ether.

Want to keep your company off our alerts radar? Learn how to secure… pic.twitter.com/Lzpi5uthXS

— Cyvers Alerts (@CyversAlerts) September 10, 2024

The report also noted that the address already held $14.4 million and was actively swapping the tokens to Ether.

PeckShield also reported significant outflows from Indodax. According to its observations, approximately $15.7 million worth of cryptocurrency had been siphoned from the exchange.

The monitoring resource detailed that around 5,204 ETH was parked at an address on Ethereum, along with about 6.8 million POL on Polygon and approximately 380 ETH on Optimism.

Cyvers Alerts provided more insights, noting that over 150 transactions had been detected, resulting in a total loss of $18.2 million. They also urged Indodax to take immediate action to mitigate the damage.

Indodax Assures Users of Fund Safety

In response to these reports, the Indonesian exchange acknowledged the potential security issues in a post on X, announcing that it was conducting comprehensive maintenance to ensure the integrity of its platform.

“Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible,” the team stated in a translated post.

Despite the ongoing breach, the company reassured its users, stating, “But don’t worry, we can assure you that your balance remains 100% safe both in crypto and rupiah.”

The team also thanked users for their patience and trust, stressing that the maintenance was essential to ensure the security and smoothness of their transactions. Additionally, the exchange promised to provide further updates once the investigation is concluded.

Indodax, previously known as Bitcoin Indonesia, was established in 2014 by Oscar Darmawan and William Sutanto. Initially focused on Bitcoin and other cryptocurrencies, the platform expanded its offerings, leading to a rebrand in March 2018 as Indodax, short for Indonesia Digital Asset Exchange.

Since its launch, it has grown into the country’s largest cryptocurrency exchange, with millions of users. It currently supports trading for more than 160 cryptocurrencies and holds a strong presence in the Southeast Asian market. According to CoinGecko data, it has a 24-hour trading volume of $11,430,998 with a trust score of 8/10.