Indonesian Law Enforcement Apprehends Suspected Hacker
Indonesian law enforcement has taken into custody an individual suspected of hacking into Markets.com, a trading platform, to exploit vulnerabilities in its deposit system, leading to the theft of cryptocurrency valued at approximately $398,000. The suspect, who has been named only as HS, was apprehended in Bandung, West Java, on Saturday after Finalto International Limited, the parent company of Markets.com based in London, reported the incident to the authorities.
Financial Impact and Legal Consequences
The security breach resulted in significant financial losses for the trading platform, amounting to around Rp 6.67 billion. As a consequence, HS is facing serious charges under Indonesia’s cybercrime and anti-money laundering regulations, which may result in a prison sentence of up to 15 years and fines that could reach Rp 15 billion. Decrypt has sought additional information from Finalto International regarding the ongoing investigation.
Exploitation of System Vulnerabilities
According to Andri Sudarmadi, the Deputy Director of Cybercrime, investigators discovered that HS took advantage of a flaw in the nominal input system of Markets.com. The vulnerability allowed the platform to create balances in USDT based on the amount input by the hacker—essentially enabling HS to generate fraudulent gains without adequate backend checks.
In his operations, HS reportedly created four fictitious accounts using the aliases Hendra, Eko Saldi, Arif Prayoga, and Tosin, acquiring real identity details by scraping publicly available information from Indonesian national ID databases. The individual, who has been involved in the computer accessories distribution and cryptocurrency trading sectors since 2017, leveraged his expertise to manipulate the system’s weaknesses.
Seizure of Evidence
During the investigation, police confiscated several items from HS, including a laptop, a mobile device, a central processing unit, an ATM card, and a shophouse spanning 152 square meters in Bandung. A cold wallet containing 266,801 USDT, valued at around Rp 4.45 billion ($4.2 million), was also seized.
Expert Commentary on Cybersecurity Trends
Cybersecurity expert David Sehyeon Baek commented on the situation, stating that the use of scraped identity data suggests HS was potentially part of a larger underground network, rather than acting alone. “Many exchanges still approach Know Your Customer (KYC) protocols as a mere formality,” he said, emphasizing the ease with which malicious actors can fabricate convincing false identities using leaked information combined with AI technology.
Baek urged exchanges to implement continuous monitoring, enhanced device and network intelligence, and improved inter-platform cooperation to effectively identify and address artificial identities.
Industry Trends and Recommendations
This incident reflects a concerning trend in the industry, as attackers gradually shift from complicated smart contract exploits to simpler vulnerabilities in Web2 systems, such as flawed business logic or inadequate backend validation. Baek recommended that these issues could be mitigated through fundamental secure coding practices, regular internal code reviews, and consistent security testing.
