Indonesian crypto exchange Indodax has experienced a significant security breach, resulting in a loss of about $22 million in various cryptocurrencies.
Following the attack, the exchange has suspended its mobile and web applications to address the situation.
On September 11, blockchain analysis firms such as PeckShield, Cyvers, and SlowMist reported that Indodax’s hot wallets had been compromised. The stolen assets include Bitcoin, Tron, Ethereum, Polygon, Shiba Inu, and other tokens. Investigations revealed that the breach might have originated from a vulnerability in the withdrawal system, allowing the attacker to access the hot wallet.
The hacker managed to steal substantial amounts of Bitcoin, Tron’s TRX, various ERC-20 tokens, Polygon, and Ether from the Optimism blockchain. Cyvers identified over 150 suspicious transactions and noted that the stolen funds were being converted to Ether, likely using mixing services like Tornado Cash to obscure the trail.
In response, Indodax has temporarily halted its services to conduct a thorough investigation and assured users that their assets are secure. Yosi Hammer from Cyvers speculated that the Lazarus Group, a notorious North Korean hacking collective, could be behind the attack, citing similarities with previous incidents linked to the group.
Indodax’s current reserve balance is reported to be $369 million, potentially available to cover investor losses. This incident follows a similar hack in July involving WazirX, also attributed to the Lazarus Group.
A legal clash between Coin Center and the U.S. Treasury Department over sanctions imposed on Tornado Cash has officially come to an end, following a joint decision to dismiss the case.
A sophisticated cyberattack targeting Brazil’s central bank reserve accounts has resulted in the theft of over $140 million (R$800 million), much of which was swiftly funneled through cryptocurrency channels.
A malicious open-source project on GitHub disguised as a Solana trading bot has compromised user wallets, according to a July 2, 2025, report by cybersecurity firm SlowMist.
The U.S. Department of Justice has sentenced Dwayne Golden, 57, of Pennsylvania to 97 months in prison for orchestrating a fraudulent crypto investment scheme that stole over $40 million from investors.