Indodax and BingX Hackers Use the Same Address for Laundering, MistTrack Reports

In a concerning development within the cryptocurrency security landscape, MistTrack, a crypto tracking and compliance platform developed by blockchain cybersecurity firm SlowMist, reported on X that it has identified a connection between hackers targeting the Indonesian cryptocurrency exchange Indodax and the Singapore-headquartered cryptocurrency exchange BingX. The investigation revealed that both hackers utilized the same address, beginning with 0x0c74c, to launder funds. Notably, the Indodax hacker operated on the Polygon network, while the BingX hacker was active on the Binance Smart Chain (BSC).

Overview of the Security Breach

Incident Summary

• Exchanges Affected: Indodax (Indonesia) and BingX (Singapore)
• Tracking Platform: MistTrack by SlowMist
• Laundering Address: Starts with 0x0c74c
• Networks Used: Polygon for Indodax hack, Binance Smart Chain (BSC) for BingX hack
• Date of Report: October 23, 2024

The report highlights a sophisticated cyberattack where hackers exploited vulnerabilities in both Indodax and BingX to steal and subsequently launder cryptocurrency funds through a single address across different blockchain networks.

Details of the Hack

Indodax Hack

• Network: Polygon
• Methodology: The hacker targeted Indodax by exploiting a vulnerability in the exchange’s security protocols, allowing unauthorized access to user funds.
• Amount Stolen: Not disclosed
• Laundering Technique: Funds were transferred to the laundering address 0x0c74c on the Polygon network, facilitating the conversion and movement of stolen assets.

BingX Hack

• Network: Binance Smart Chain (BSC)
• Methodology: Similar to the Indodax breach, the BingX exchange was compromised through a security loophole, enabling the hacker to siphon off cryptocurrency assets.
• Amount Stolen: Not disclosed
• Laundering Technique: The stolen funds were also directed to the same laundering address 0x0c74c, but on the BSC network, indicating a cross-network laundering strategy.

Analysis of Laundering Methods

Cross-Network Laundering

The use of the same laundering address across different blockchain networks showcases a highly coordinated effort by the hackers to obscure the trail of stolen funds. By leveraging both the Polygon network and Binance Smart Chain, the perpetrators aim to complicate the tracking and recovery of assets by spreading the transactions across multiple platforms.

Implications for Blockchain Security

This incident underscores the increasing sophistication of cyberattacks in the cryptocurrency sector, where hackers employ advanced techniques to exploit security vulnerabilities and facilitate complex laundering processes. The utilization of multiple networks further highlights the need for robust, multi-layered security measures within exchanges.

Implications for Indodax and BingX

Financial and Reputational Impact

• Financial Losses: Although the exact amounts stolen have not been disclosed, the breach potentially results in significant financial losses for both exchanges.
• Reputational Damage: The security breaches can erode user trust and confidence in the affected exchanges, potentially leading to a decline in user activity and market share.
• Operational Disruptions: Exchanges may face operational challenges in restoring security, compensating affected users, and implementing enhanced security measures to prevent future attacks.

Response Measures

Both Indodax and BingX are expected to undertake immediate actions to mitigate the impact of the breaches, including:

• Enhancing Security Protocols: Implementing advanced security measures such as multi-factor authentication, regular security audits, and real-time monitoring systems.
• User Communication: Informing affected users about the breach, steps taken to secure accounts, and measures to prevent future incidents.
• Collaboration with Authorities: Working with law enforcement agencies and cybersecurity firms like SlowMist to investigate the breaches and recover stolen funds.