Hacker exploits deposit system flaw
Indonesian authorities have arrested a local hacker who allegedly exploited security flaws in trading platform Markets.com’s deposit mechanism to steal cryptocurrency worth $398,000. The suspect, identified only as HS, was arrested on Saturday in Bandung, West Java, following a formal complaint from Finalto International Limited, the London-based company that owns Markets.com.
The police investigation revealed that HS had exploited what they called an “anomaly” in the platform’s nominal entry system. The system apparently generated USDT balances based on the deposit amount entered by the user, without proper back-end validation. This created an opportunity for fraudulent earnings simply by entering false deposit figures.
Fake accounts and stolen identities
According to police statements, the suspect created four separate fake accounts using the names Hendra, Eko Saldi, Arif Prayoga and Tosin. He allegedly obtained real Indonesian national identity information by scraping publicly accessible websites, then used that data to create convincing fake identities for the accounts.
Authorities described HS as a computer accessories distributor involved in cryptocurrency trading since 2017. They believe his experience in the technology and crypto markets helped him identify and effectively exploit the system vulnerability.
Seizure of significant assets
During the arrest operation, police confiscated evidence and property, including a laptop, cell phone, CPU, ATM card and a 152 square meter store in Bandung. Notably, they also seized a cold wallet containing 266,801 USDT worth approximately $4.2 million. The presence of such a large sum in the cold wallet suggests that this may not have been the suspect’s only transaction.
Deputy Director of Cybercrime Andri Sudarmadi confirmed that HS was facing charges under Indonesia’s cybercrime and anti-money laundering laws. If convicted, he faces up to 15 years in prison and fines of up to $900,000.
Wider security implications
Cybersecurity consultant David Sehyeon Baek told reporters that the use of scraped credentials indicates the hacker was likely “someone connected to a much larger underground data ecosystem” rather than working alone. He expressed concern about the ease with which bad actors can now “create convincing false identities using leaked data and AI tools.”
“Many exchanges still treat KYC as a check-box exercise,” Baek noted, adding that “traditional KYC alone is no longer enough.” He urged trading platforms to adopt more comprehensive security measures, including continuous monitoring, device and network intelligence, and better cross-platform collaboration to quickly detect synthetic identities.
Baek sees this case as part of a “very clear industry trend” where attackers are moving away from complex smart contract hacks and toward “easier entry points into Web2 systems.” He specifically mentioned business logic flaws, weak APIs, faulty access control, and poor backend validation as common vulnerabilities being exploited.
According to the expert, these types of security issues can often be resolved through “basic secure coding practices, internal code review, and routine security testing.” The Markets.com incident is a reminder that even established trading platforms can have fundamental security flaws that sophisticated attackers can identify and exploit.
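The missing back-end validation described above can be sketched as follows. This is an added example, not Markets.com code: the function names, the settlement-record layout and the sample data are assumptions made for illustration. It puts a credit routine that trusts the submitted amount beside one that credits only what a settled transfer confirms, plus a reconciliation check that flags unbacked balances.

```python
from collections import defaultdict
from decimal import Decimal

class DepositRejected(Exception):
    """Raised when a deposit claim is not backed by a settled transfer."""

def credit_vulnerable(balances, account, claimed_amount):
    # Flawed pattern: the balance follows whatever amount the client submitted.
    balances[account] += Decimal(claimed_amount)
    return balances[account]

def credit_validated(balances, settled, account, deposit_ref, claimed_amount):
    # Server-side check: credit only the amount the settlement record confirms,
    # only to the owning account, and only once per reference.
    record = settled.get(deposit_ref)
    if record is None:
        raise DepositRejected("no settled transfer for this reference")
    if record["account"] != account:
        raise DepositRejected("transfer belongs to a different account")
    if record["credited"]:
        raise DepositRejected("transfer already credited")
    if Decimal(claimed_amount) != record["amount"]:
        raise DepositRejected("claimed amount differs from settled amount")
    record["credited"] = True
    balances[account] += record["amount"]
    return balances[account]

def reconcile(balances, settled):
    # Detection: report accounts whose credited deposits exceed settled funds.
    # Simplification (assumption): balances hold deposit credits only, with no
    # trades or withdrawals.
    backed = defaultdict(Decimal)
    for record in settled.values():
        backed[record["account"]] += record["amount"]
    return {a: b - backed[a] for a, b in balances.items() if b > backed[a]}

def new_settled():
    # Constructed sample data: one real 50 USDT transfer for acct-1.
    return {"dep-001": {"account": "acct-1", "amount": Decimal("50"),
                        "credited": False}}

if __name__ == "__main__":
    bad = defaultdict(Decimal)
    credit_vulnerable(bad, "acct-1", "398000")  # constructed claim, no transfer
    print("unbacked credit:", reconcile(bad, new_settled()))
```

Running the reconciliation on a schedule gives a detection signal even if a validation gap exists somewhere in the credit path.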
I think what’s interesting here is that the attacker didn’t need advanced technical skills, just an understanding of how the system works and how its validation processes fail. One wonders how many other platforms might have similar fundamental flaws in their deposit and balance systems.


