Indodax Suffers From Signature Machine Attack, Lost $22 Million: Slowmist CISO

On Sep 11, 2024

After the news of suspicious transactions on Indodax surfaced, SlowMist CISO has reported that Indodax’s signature machine and its withdrawal system were attacked, causing a loss of $22 Million.

Chief Information Security Officer 23pds posted on X platform “that after analysis, it was found that it was not Indodax’s hot wallet private key that was hacked, but other systems such as the signature machine that were attacked.”

1⃣ Based on our analysis🔎, we can rule out the possibility that the hot wallet has been compromised. It is possible that the withdrawal system has been hacked.
🤔Let’s dive into it.
Here are the hacked bitcoin transactions. The stolen funds were withdrawn from the Indodax… https://t.co/hQb0o4ljW8 pic.twitter.com/YCHYX1kg2y
— SlowMist (@SlowMist_Team) September 11, 2024

Additionally, SlowMist added that since Indodax’s reserves have a considerable amount of balance, users can remain calm and wait for further official updates.

Indonesia’s leading crypto exchange, Indodax had reportedly witnessed over 150 suspicious transactions which could potentially cause a loss of $18.2 million, as stated by Web3 security firm, Cyvers.

After the report, Indodax gave out a statement informing users about the platform being temporarily inaccessible. The crypto platform wrote, “We would like to inform you that our security team has discovered a potential security issue on our platform.

Currently, we are conducting complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible. But don’t worry, we can assure you that your balance remains 100% safe both in crypto and rupiah.

We appreciate your patience and trust. We are doing this process to ensure the security and comfort of your transactions. We will provide further updates as soon as the investigation is complete.”

Indodax further cautioned users against fraud “INDODAX fund refund invitations or requests for personal data.” The platform ensured a normal restoration after the completion of its maintenance.

Also Read: Liminal’s Security Cleared by Grant Thornton in WazirX Hack Investigation