Crypto Exchange HTX Reports $8 Million Hack Over Weekend

Web3 & Enterprise·September 27, 2023, 12:43 AM

Crypto exchange HTX confirmed on Monday that it fell victim to a hack over the weekend, resulting in losses amounting to 5,000 ETH ($8 million).

HTX stakeholder Justin Sun, Founder of layer one blockchain TRON, disclosed the breach via an X post. In a series of subsequent X posts, Sun assured users and stakeholders that the exchange had promptly covered the losses, and current user deposits remained secure. He also emphasized that the platform was operating normally despite the security incident.

Hacker incentive

The TRON Founder also extended an offer to the hacker responsible for the breach. He proposed a 5% reward for the return of the remaining funds, a figure notably lower than the 10% often offered to hackers in similar situations. Additionally, Sun dangled the possibility of a job at the exchange. That’s an unusual response to a cryptocurrency hack, and it led one commentator to speculate that the hacker belonged to the notorious North Korean Lazarus hacking group and to question the prudence of such a move.

Data from DeFi data aggregator DeFiLlama revealed that Seychelles-based HTX, formerly known as Huobi, witnessed nearly $10 million in outflows, with a remaining $2.73 million in customer deposits as of the latest data.

Hacker’s identity may be known

The hacker, who received a series of messages from an address identified as an HTX hot wallet by Nansen, was presented with a stark choice. The messages, written in both English and simplified Chinese, claimed to have uncovered the hacker’s true identity and urged the return of the stolen funds to the address 0x18709E89BD403F470088aBDAcEbE86CC60dda12e. In return, HTX offered a 5% “white hat bonus” valid until October 2, 2023. If the funds were not returned by that date, law enforcement would be involved, the message warned.

The hack came shortly after Justin Sun shared a promotional video in which he depicted himself defeating a hooded figure symbolizing a hacker “shorting crypto” with a single punch while on a spaceship journey to what appeared to be Mars.

Insolvency fears

On Tuesday, Sun outlined that the exchange had established a “SAFU” (Safe Asset Fund for Users) fund for platform users. However, taking to X on Monday, Adam Cochran, Managing Partner at Cinneamhain Ventures, claimed that there was a likelihood that the HTX business was insolvent. Cochran maintains that available data suggests a shortfall in crypto holdings relative to HTX users' assets.

Travis Kling, Founder and Chief Information Officer of Ikigai Asset Management, went one step further on X, stating:

“Not “probably”. Huobi is insolvent.”

Kling, a long-time critic of Binance, went on to suggest that if Huobi were to collapse, that event would likely lead to Binance unraveling also.

HTX originated in China and nowadays maintains offices in Singapore, Japan, South Korea, Hong Kong, and the UK. It has long been speculated that Justin Sun has a controlling stake in the HTX business. Sun has denied that assertion, instead suggesting that he is a member of HTX’s “Global Advisory Board.”
