Hacker Exploits Trading Platform Security Flaw
Indonesian authorities have detained a local hacker who allegedly manipulated security weaknesses in Markets.com’s deposit system to steal approximately $398,000 in cryptocurrency. The suspect, identified only as HS, was arrested on Saturday in Bandung, West Java, following a formal complaint from Finalto International Limited, the London-based owner of the trading platform.
Police investigators discovered that HS exploited what they described as an “anomaly” in the platform’s nominal input system. According to Deputy Cybercrime Director Andri Sudarmadi, the system generated USDT balances based on whatever deposit amount the attacker entered, creating an opportunity for fraudulent gains without proper backend validation. This essentially allowed the hacker to create artificial deposits that the system accepted as legitimate.
Fake Accounts and Stolen Identity Data
The investigation revealed that HS created four separate fake accounts using the names Hendra, Eko Saldi, Arif Prayoga, and Tosin. Police say he obtained real Indonesian national ID information by scraping data from publicly accessible websites, then used this information to create convincing fake identities for his fraudulent accounts.
Authorities described the suspect as a computer accessories distributor who has been involved in cryptocurrency trading since 2017. They believe his experience in both technology and crypto markets helped him identify and exploit the system vulnerability. The operation resulted in total losses of $398,000 for Markets.com, with HS now facing charges under Indonesia’s cybercrime and anti-money laundering laws. If convicted, he could face up to 15 years in prison and fines reaching $900,000.
Significant Assets Seized
During the arrest, police confiscated substantial assets including a laptop, mobile phone, CPU unit, ATM card, and a 152-square-meter shophouse in Bandung. Most notably, they seized a cold wallet containing 266,801 USDT worth approximately $4.2 million. The significant amount of cryptocurrency found in the wallet suggests this might not have been the hacker’s only operation, though police haven’t confirmed if additional charges will be filed.
Broader Security Implications
Cybersecurity consultant David Sehyeon Baek told media that the use of scraped ID data indicates the hacker was likely “someone plugged into a much bigger underground data ecosystem” rather than working alone. He expressed concern about how easily bad actors can now “build convincing fake identities using leaked data and AI tools.”
Baek argued that traditional Know Your Customer (KYC) procedures alone are no longer sufficient for security. “A lot of exchanges still treat KYC like a checkbox exercise,” he noted, urging platforms to adopt more comprehensive security measures including continuous monitoring, device and network intelligence, and better cross-platform collaboration to detect synthetic identities early.
The expert suggested this case reflects a broader industry trend where attackers are shifting away from complex smart contract hacks toward targeting “easier entry points in Web2 systems—things like business logic flaws, weak APIs, broken access control, and poor backend validation.” He emphasized that many of these vulnerabilities could be addressed through basic secure coding practices, internal code review, and routine security testing.
Decrypt has reached out to Finalto International for additional comment on the incident and their security measures moving forward. The case highlights ongoing challenges in cryptocurrency platform security, particularly around deposit validation systems and identity verification processes.
