Experts Express The Roots Of Problems Behind Indodax's Repeat Hacking

Indodax application (photo: Indodax)

JAKARTA - Cybersecurity expert and Chairman of the Cyber Security Research Institute (CISSReC) Pratama Persadha revealed that cyber incidents that occur against Indodax now and in 2022 are different incidents.

According to him, the alleged data leak that occurred to Indodax in 2022 was not caused by cyber attacks that attacked the Indodax system, but because of the malware of Stealer info that attacked devices from Indodax customers.

While this new incident occurred was due to hackers attacking the signature engine of the Indodax system, which resulted in hackers being able to create a key that was considered the legal key to making transactions.

Although Indodax admits that 100 percent of users' assets are safe, Pratama suspects that the stolen crypto assets have been transferred to other crypto wallets, or have even been exchanged for other types of crypto assets. Now Indodax is trying to return the assets using the spare funds they have.

"Most likely what Indodax is currently doing during this maintenance period is in addition to conducting audits and forensics for the incident that occurred," Pratama explained to VOI on Friday, September 13 via WhatsApp.

He hopes that the incident that occurred against Indodax could serve as a reminder to everyone about the importance of early detection of threats and swift action in responding to hacking attacks.

"Because if the detection of this hack is immediately known to the Indodax security team, then prevention measures such as system isolation can be taken to prevent greater losses," he said.

Pratama also appealed to companies to continue to monitor suspicious transactions, ensure program codes are tested and audited by security companies, temporarily suspend protocols in the event of hacking, carry out layered security approaches, use of Cold Storage to store crypto assets offline, use of multifactor authentication, employee training, carry out periodic updates, and periodic security audits.

"Indodax hacking is a reminder that security is not the end result, however, a continuous process that requires continuous attention and improvement, because what we believe is safe at this time will not necessarily remain safe the next day," concluded Pratama.