Hacker Exploits Deposit System Flaw
Indonesian authorities have detained a local hacker who allegedly manipulated security weaknesses in trading platform Markets.com’s deposit mechanism to steal cryptocurrency worth $398,000. The suspect, identified only as HS, was arrested on Saturday in Bandung, West Java, following a formal complaint from Finalto International Limited, the London-based company that owns Markets.com.
Police investigation revealed that HS exploited what they called an “anomaly” in the platform’s nominal input system. The system apparently generated USDT balances based on whatever deposit amount the user entered, without proper backend validation. This created an opportunity for fraudulent gains simply by inputting false deposit figures.
Fake Accounts and Stolen Identities
According to police statements, the suspect created four separate fake accounts using the names Hendra, Eko Saldi, Arif Prayoga, and Tosin. He reportedly obtained real Indonesian national ID information by scraping publicly accessible websites, then used this data to create convincing fake identities for the accounts.
Authorities described HS as a computer accessories distributor who has been involved in cryptocurrency trading since 2017. They believe his experience in both technology and crypto markets helped him identify and exploit the system vulnerability effectively.
Significant Asset Seizure
During the arrest operation, police confiscated substantial evidence and assets including a laptop, mobile phone, CPU unit, ATM card, and a 152-square-meter shophouse in Bandung. Most notably, they seized a cold wallet containing 266,801 USDT worth approximately $4.2 million. The presence of such a large amount in the cold wallet suggests this might not have been the suspect’s only operation.
Deputy Cybercrime Director Andri Sudarmadi confirmed that HS faces charges under Indonesia’s cybercrime and anti-money laundering laws. If convicted, he could face up to 15 years in prison and fines reaching $900,000.
Broader Security Implications
Cybersecurity consultant David Sehyeon Baek told reporters that the use of scraped ID data indicates the hacker was likely “someone plugged into a much bigger underground data ecosystem” rather than working alone. He expressed concern about how easily bad actors can now “build convincing fake identities using leaked data and AI tools.”
“A lot of exchanges still treat KYC like a checkbox exercise,” Baek noted, adding that “traditional KYC alone just isn’t enough anymore.” He urged trading platforms to adopt more comprehensive security measures including continuous monitoring, device and network intelligence, and better cross-platform collaboration to detect synthetic identities early.
Baek sees this case as part of “a very clear industry trend” where attackers are shifting away from complex smart contract hacks toward “easier entry points in Web2 systems.” He specifically mentioned business logic flaws, weak APIs, broken access control, and poor backend validation as common vulnerabilities being exploited.
These types of security issues, according to the expert, can often be addressed through “basic secure coding practices, internal code review, and routine security testing.” The Markets.com incident serves as a reminder that even established trading platforms can have fundamental security weaknesses that sophisticated attackers can identify and exploit.
I think what’s interesting here is how the attacker didn’t need advanced technical skills—just an understanding of how the system worked and where its validation processes failed. It makes you wonder how many other platforms might have similar basic flaws in their deposit and balance systems.
