Hack Track: Indodax Flow of Funds Analysis

Robert Whitaker and Prachi Pandey
November 7, 2024

On September 10th, 2024, Indodax, a leading Indonesian cryptocurrency exchange, fell victim to a devastating security breach. This attack resulted in the theft of over $25.47 million worth of cryptocurrencies, highlighting the ongoing vulnerabilities in the cryptocurrency ecosystem.

Incident Response

Indodax swiftly responded to the breach by halting withdrawals from the compromised hot wallet and transferring funds to a more secure location. This proactive measure helped mitigate further damage and protect the funds of many users.

Merkle Science's Flow of Funds Analysis

Figure: Merkle Science’s blockchain forensics tool ‘Tracker’ visualizes the flow of funds.

Merkle Science conducted a comprehensive analysis of the stolen funds to gain a deeper understanding of the hack and its implications. Our investigation revealed the following key insights:

Breakdown of Stolen Assets:

  • Ethereum: $18.14 million worth of various tokens
  • Polygon: 2,202,200 POL tokens and 1.8 million USDT tokens (total value: $2.6 million)
  • Tron: 2.36 million USDT and 160 billion BTT tokens (total value: $2.43 million)
  • Bitcoin: 26.2597 BTC (total value: $1.5 million)
  • Optimism: 380 ETH (total value: $870,000)

Additional Insights:

The synchronized attack across multiple blockchains indicates a well-strategized exploit of the Indodax hot wallets. Swap services were used extensively to convert stolen tokens into native tokens such as ETH, TRX, and POL, because of their higher liquidity and availability on VASPs (virtual asset service providers).

Our analysis reveals a shift in laundering tactics. Instead of converting stolen tokens into stablecoins like USDT, USDC, and DAI, as seen in multiple previous hacks, attackers have predominantly swapped them for native tokens such as ETH, POL, and TRX. This change may be attributed to increased scrutiny and blacklisting efforts by Tether (USDT).
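For monitoring teams, the shift described above means a rule that only watches conversions into stablecoins will miss most of this activity. The following added example (not Merkle Science's code or data) compares a stablecoin-only rule with one that also watches native-token outputs; the swap records, token names `TOKEN_A`/`TOKEN_B`/`TOKEN_C`, USD values, field names and the `min_usd` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Native asset per chain and the stablecoins named in the analysis above.
NATIVE = {"ethereum": "ETH", "tron": "TRX", "polygon": "POL"}
STABLECOINS = {"USDT", "USDC", "DAI"}

# Constructed sample: swaps observed downstream of a traced address set.
# "flagged" marks swaps whose source address is in the traced set.
SAMPLE_SWAPS = [
    {"chain": "ethereum", "token_in": "TOKEN_A", "token_out": "ETH",  "usd": 400_000, "flagged": True},
    {"chain": "ethereum", "token_in": "TOKEN_B", "token_out": "ETH",  "usd": 250_000, "flagged": True},
    {"chain": "tron",     "token_in": "BTT",     "token_out": "TRX",  "usd": 150_000, "flagged": True},
    {"chain": "polygon",  "token_in": "USDT",    "token_out": "POL",  "usd": 200_000, "flagged": True},
    {"chain": "ethereum", "token_in": "TOKEN_A", "token_out": "USDC", "usd": 50_000,  "flagged": True},
    {"chain": "ethereum", "token_in": "TOKEN_C", "token_out": "ETH",  "usd": 300_000, "flagged": False},
]

def classify(chain, token_out):
    """Label a swap output as native, stablecoin, or other for its chain."""
    if token_out == NATIVE.get(chain):
        return "native"
    if token_out in STABLECOINS:
        return "stablecoin"
    return "other"

def swap_profile(swaps):
    """Share of flagged swap value (USD) going to each output class."""
    totals = defaultdict(float)
    for s in swaps:
        if s["flagged"]:
            totals[classify(s["chain"], s["token_out"])] += s["usd"]
    grand = sum(totals.values())
    return {k: round(v / grand, 3) for k, v in totals.items()} if grand else {}

def alerts(swaps, watch_classes, min_usd=10_000):
    """Flagged swaps whose output class is watched and whose value meets min_usd."""
    return [s for s in swaps
            if s["flagged"] and s["usd"] >= min_usd
            and classify(s["chain"], s["token_out"]) in watch_classes]

if __name__ == "__main__":
    print("output profile:", swap_profile(SAMPLE_SWAPS))
    print("stablecoin-only rule:", len(alerts(SAMPLE_SWAPS, {"stablecoin"})), "alerts")
    print("native-aware rule:  ", len(alerts(SAMPLE_SWAPS, {"stablecoin", "native"})), "alerts")
```

On this constructed data the stablecoin-only rule sees one of the five flagged swaps, while the native-aware rule sees all five.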

Indodax's swift response to the hack, including halting withdrawals from the compromised hot wallet and transferring funds to a more secure location, prevented further damage and protected the funds of many users. Nevertheless, this incident underscores the critical importance of robust security measures for cryptocurrency exchange hot wallets.

Conclusion

The Indodax hack serves as a reminder of the ongoing security challenges the cryptocurrency industry faces. By understanding the common attack vectors and implementing robust security measures, exchanges and individual users can significantly reduce their risk of falling victim to such attacks. By staying informed and vigilant, the cryptocurrency community can collectively work towards building a more secure and resilient ecosystem.