Introduction
Indonesian authorities have arrested a local hacker who exploited critical security vulnerabilities in Markets.com’s deposit system to steal $398,000 in cryptocurrency, exposing fundamental weaknesses in trading platform security protocols. The suspect, identified as HS, manipulated the platform’s input validation system to generate fraudulent USDT balances using scraped national ID data, resulting in one of Indonesia’s most significant crypto theft cases and raising serious questions about the adequacy of current Know Your Customer (KYC) procedures across the industry.
Key Points
- Hacker exploited Markets.com's deposit system flaw that generated USDT balances based on user-input amounts without backend validation
- Police seized evidence including a cold wallet with $4.2 million in USDT and a 152-square-meter shophouse property in Bandung
- Cybersecurity experts warn this reflects an industry trend of attackers targeting Web2 vulnerabilities rather than complex smart contract hacks
The $398,000 System Exploit
Indonesian police detained HS in Bandung, West Java, following a formal complaint filed by Finalto International Limited, the London-headquartered owner of the Markets.com trading platform. The arrest came after investigators uncovered how the suspect allegedly exploited what Deputy Cybercrime Director Andri Sudarmadi described as ‘an anomaly in Markets.com’s nominal input system.’ According to police reports, the platform generated USDT balances based on whatever deposit amount the attacker entered, creating a critical opening for fraudulent gains without proper backend validation.
The operation resulted in confirmed losses totaling $398,000 (Rp 6.67 billion) for Markets.com, with HS now facing charges under Indonesia’s stringent cybercrime and anti-money laundering laws. These charges carry potential penalties of up to 15 years imprisonment and fines reaching $900,000 (Rp 15 billion), reflecting the seriousness with which Indonesian authorities are treating the case. The investigation revealed that HS, identified as a computer accessories distributor and crypto trader since 2017, leveraged his technical experience to identify and systematically exploit this system vulnerability.
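The class of flaw police describe, a balance credited from the amount the user typed, is shown here next to a server-side check that credits only what actually settled. This is an added illustration, not Markets.com's code; the `Ledger` class, the transaction reference and the `SETTLED` table are hypothetical and the sample data is constructed.

```python
from decimal import Decimal

# Constructed sample: transfers the backend has confirmed with its payment
# processor or chain indexer (a source the client cannot influence).
SETTLED = {
    "tx-1001": {"account": "acct-A", "amount": Decimal("50.00")},
}


class Ledger:
    def __init__(self):
        self.balances = {}
        self.credited = set()  # transfer ids already applied (idempotency)

    def _add(self, account, amount):
        self.balances[account] = self.balances.get(account, Decimal(0)) + amount
        return self.balances[account]

    def credit_unvalidated(self, account, claimed_amount):
        """Flawed pattern: the balance follows the number in the request."""
        return self._add(account, Decimal(claimed_amount))

    def credit_verified(self, account, tx_id, claimed_amount, settled=SETTLED):
        """Hardened pattern: the request only points at a transfer.

        The credited amount comes from the settled record, each transfer is
        applied once, and a claimed/settled mismatch is returned as a flag
        so monitoring can alert on it.
        """
        record = settled.get(tx_id)
        if record is None:
            raise ValueError("no settled transfer for this reference")
        if record["account"] != account:
            raise ValueError("transfer belongs to a different account")
        if tx_id in self.credited:
            raise ValueError("transfer already credited")
        mismatch = Decimal(claimed_amount) != record["amount"]
        self.credited.add(tx_id)
        return self._add(account, record["amount"]), mismatch


if __name__ == "__main__":
    weak, strong = Ledger(), Ledger()
    print("unvalidated:", weak.credit_unvalidated("acct-A", "398000"))
    print("verified:   ", strong.credit_verified("acct-A", "tx-1001", "398000"))
```

The mismatch flag matters as much as the refusal to trust the input: a request claiming far more than the settled amount is a signal worth alerting on even though the credit itself is correct.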
Sophisticated Identity Fraud Operation
Police investigation details reveal a sophisticated identity fraud operation where HS created four separate fake accounts under the names Hendra, Eko Saldi, Arif Prayoga, and Tosin. The suspect sourced authentic identity data by scraping Indonesian national ID information from publicly accessible websites, enabling him to bypass traditional KYC verification processes. This method allowed the creation of multiple convincing fake identities that appeared legitimate to platform security systems.
Cybersecurity consultant David Sehyeon Baek told Decrypt that the use of scraped ID data indicates the hacker was ‘someone plugged into a much bigger underground data ecosystem’ rather than operating alone. Baek emphasized that ‘a lot of exchanges still treat KYC like a checkbox exercise,’ noting the ease with which bad actors can ‘build convincing fake identities using leaked data and AI tools.’ This case demonstrates how traditional KYC procedures alone are increasingly insufficient against determined attackers with access to compromised personal data.
Substantial Asset Seizures and Industry Implications
Authorities executed significant asset seizures during the arrest, including a cold wallet containing 266,801 USDT worth approximately $4.2 million (Rp 4.45 billion) – an amount substantially larger than the $398,000 stolen from Markets.com. Police also confiscated a 152-square-meter shophouse property in Bandung, along with a laptop, mobile phone, CPU unit, and ATM card. The substantial value of seized assets suggests this may not have been HS’s first successful exploit, though authorities have not confirmed additional victims.
According to cybersecurity expert Baek, this case fits ‘a very clear industry trend’ where attackers are moving away from complex smart contract hacks and instead targeting ‘easier entry points in Web2 systems—things like business logic flaws, weak APIs, broken access control, and poor backend validation.’ These vulnerabilities, Baek noted, can be addressed through ‘basic secure coding practices, internal code review, and routine security testing,’ suggesting that many crypto platforms remain vulnerable to relatively simple technical exploits.
The Markets.com incident serves as a stark warning to cryptocurrency platforms about the evolving nature of security threats. Baek urged exchanges to adopt ‘continuous monitoring, device and network intelligence, and better cross-platform collaboration’ to detect synthetic identities early. As regulatory scrutiny increases globally, this case demonstrates how basic security oversights can lead to substantial financial losses and reputational damage, highlighting the urgent need for enhanced security protocols beyond traditional KYC verification.
📎 Source reference: decrypt.co
