Indonesian crypto exchange Indodax goes offline after suspected $22M hack

Indonesian crypto exchange Indodax suffered a loss of approximately $22 million in various cryptocurrencies and has since disabled its mobile and web applications to investigate the breach.

On Sept. 11, multiple blockchain investigation firms, including PeckShield, Cyvers and SlowMist, warned of an attack on Indodax’s hot wallets. The hacker stole large amounts of Bitcoin (BTC), Tron (TRX), Ether (ETH), Polygon (POL) and Shiba Inu (SHIB), among other tokens.

SlowMist’s independent investigation suggested a breach in Indodax’s withdrawal system, which allowed the hacker to withdraw funds from the exchange’s hot wallet. Cyvers, on the other hand, believed other systems were attacked, such as the signature machine.

The hacker stole over $1.42 million in Bitcoin, $2.4 million in Tron blockchain tokens, over $14.6 million in various ERC-20 tokens, $2.58 million in POL and $0.9 million in ETH from the Optimism blockchain.

Cyvers detected more than 150 suspicious transactions across multiple networks and reported that the hacker had started swapping the tokens for Ether. After converting the stolen funds to ETH, hackers use crypto mixing services such as Tornado Cash to siphon the loot anonymously.

Indodax shuts all operations to investigate $22M hack

Shortly after the breach alerts, Indodax acknowledged the hack and informed users about a temporary shutdown of services. The company said in a statement that:

“Currently, we are conducting a complete maintenance to ensure the entire system is operating properly. During this maintenance process, the INDODAX web platform and application are temporarily inaccessible.”

However, the crypto exchange reassured investors about the safety of their crypto assets.

The Indodax website was made inaccessible to users amid a $22 million hack investigation. Source: Indodax

Yosi Hammer, the head of AI at Cyvers, suspects the involvement of North Korea’s infamous cryptocurrency hackers, the Lazarus group. He told BSCN:

“The pattern and the characteristics of the (Indodax) attack highly resemble those of North Korea’s Lazarus Group.”


According to CoinMarketCap data, Indodax has a reserve balance of $369 million, part of which could be repurposed to recoup investors’ losses.

Financial reserves of Indodax after $22 million hack. Source: CoinMarketCap

North Korean hackers increasingly target the crypto community

The largest hack in July, in which crypto exchange WazirX lost $235 million, was also attributed to North Korea’s Lazarus group.

While Web3 security firm Cyvers initially flagged the attack, blockchain forensics firm Elliptic told Cointelegraph that specific patterns and techniques in the WazirX attack led them to believe North Korean hackers were behind the incident.

In addition to Elliptic, cryptocurrency investigator ZachXBT reached a similar conclusion.
