Web3 security firm Cyvers disclosed on Sept. 11 that it had detected multiple suspicious transactions involving the wallets of Indonesian cryptocurrency exchange Indodax. Initially, Cyvers said the suspicious address held digital assets worth $14.4 million. However, in a later statement shared with Bitcoin.com News, the security firm increased the estimated losses associated with the attack to approximately $20.58 million.

According to Cyvers, the attacker, believed by some observers to be the Lazarus Group, performed more than 150 transactions. The security firm believes the attack vector exploited by the attacker is related to an access control violation.

Commenting on speculation that the North Korean-aligned hacking group is behind the breach, Yosi Hammer, Head of AI at Cyvers, cautioned that attribution is still too early. However, Hammer acknowledged that the attack exhibits characteristics often associated with the Lazarus Group.

“We identified a significant security breach targeting Indodax’s hot wallet, resulting in a loss of over $20.5 million across multiple chains. Our real-time monitoring systems flagged 160 critical red flags at the onset, beginning with a transfer of 660 ETH. The attack exhibited characteristics typical of sophisticated hacking groups, such as the Lazarus Group, known for their rapid asset transfers, access control violations, and multiple swaps,” Hammer stated.

Still, the Cyvers AI head said the security firm now wants to determine whether the money laundering process of this attack matches that of the North Korea-aligned group.

Meanwhile, the security firm shared a breakdown of the losses by chain, with ethereum (ETH) accounting for more than 60% or $13.3 million of the $20.58 million lost. Losses on Polygon and TRON were identical at $2.5 million each, while losses on Bitcoin are estimated at $1.4 million.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。