Indonesian authorities have arrested a local hacker on suspicion of stealing $398,000 worth of cash by exploiting a security flaw in trading platform Markets.com’s deposit system. cryptocurrency.
Police detained the suspect, identified only as HS, in Bandung, West Java province, on Saturday following a complaint by Finalt International Limited, the London-based owner of Markets.com, according to local media reports.
The operation resulted in a total loss of $398,000 (Rp6.67 billion) to the trading platform, and HS faces charges under Indonesia’s Cybercrime and Anti-Money Laundering Act, which could result in up to 15 years in prison and a fine of $900,000 (Rp15 billion).
decryption Finalto International has been contacted for further comment.
Deputy Director of Cyber Crime Andri Sudarmadi said investigators have uncovered how HS allegedly exploited an anomaly in Markets.com’s nominal input system.
The platform reportedly generated USDT balances based on deposit amounts entered by the attackers, creating scope for illicit profits without proper backend verification.
According to police, HS created four fake accounts under the names Hendra, Eko Sardi, Arif Prayoga and Tosin and obtained their real identity data by scraping Indonesian national ID information from publicly accessible websites.
Authorities said the suspect had been a computer accessory seller and cryptocurrency trader since 2017, and used that experience to identify and exploit system vulnerabilities.
Police seized a laptop, mobile phone, CPU unit, ATM card, a 152 square meter shophouse in Bandung, and a cold wallet containing 266,801 USDT worth approximately $4.2 million (Rp4.45 billion).
KYC: “It’s not enough anymore”
David Sehyun Baek, a cybersecurity consultant, said: decryption The identity data collected indicates that the hacker is not a single operator but “someone connected to a much larger underground data ecosystem.”
“Many exchanges still treat KYC like a check-box exercise,” he said, noting that bad actors can “easily construct convincing false identities using leaked data and AI tools.”
“Traditional KYC alone is no longer enough,” Baek said, urging exchanges to employ “continuous monitoring, device and network intelligence, and better cross-platform collaboration” to detect synthetic identity verification early.
Baek said the case fits into “very clear industry trends.” He explained that attackers are trying to stay away from complexity. smart contract It hacks and looks for “easier entry points into Web2 systems, including flawed business logic, weak APIs, broken access controls, and poor backend validation.”
These types of issues can be addressed through “basic secure coding practices, internal code reviews, and regular security testing,” the expert added.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
