Hacker Steals Identity To Hack Into Markets.com, Stealing Nearly $400,000
Indonesian authorities have arrested a Bandung-based hacker accused of exploiting a critical flaw inside the trading platform Markets.com—an incident that has quickly brought to light the limitations of Know-Your-Customer (KYC) identification as a primary defense mechanism for crypto exchanges.
The attack resulted in $398,000 in losses and revealed how easily bad actors can circumvent traditional KYC checks using real identity data scraped from public sources, creating accounts that appear entirely legitimate on paper while exploiting vulnerabilities deeper in a platform’s backend.
Police identified the attacker only as HS, who was detained after Markets.com parent company Finalto International filed a complaint. Investigators say HS discovered that the platform’s deposit system would automatically generate USDT balances based on whatever number he entered into the nominal input field—without performing proper backend validation.
Using this flaw, the suspect reportedly created multiple accounts, credited them with fraudulent balances, and then withdrew the funds before the platform detected the discrepancy.
Authorities seized a laptop, mobile devices, an ATM card, a 152-square-meter shophouse, and a cold wallet loaded with 266,801 USDT worth over $4.2 million. HS now faces cybercrime and anti-money laundering charges carrying potential penalties of up to 15 years in prison.
Identity Is No Longer Enough — How ‘Legitimate’ KYC Accounts Are Becoming Attack Vectors
While the financial loss was significant, the method behind the attack has drawn even greater concern across the crypto industry. According to Indonesian cybercrime investigators, HS passed Markets.com’s KYC checks by creating four accounts using scraped national ID data pulled from publicly accessible Indonesian websites. Because the data was real—and matched official identity fields—the platform’s onboarding process flagged nothing unusual.
Cybersecurity specialists say this pattern is becoming increasingly common. David Sehyeon Baek, a cybersecurity consultant, explained how attackers today are drawing from massive underground databases of leaked government IDs, corporate breaches, and AI-generated documents to assemble “hyper-realistic synthetic identities” that are nearly impossible for standard KYC systems to detect.
He added that the sophistication of these identity kits shows HS was “plugged into a much bigger underground data ecosystem” rather than acting alone. Baek argues that the industry has treated KYC as a regulatory box to check, rather than a meaningful security barrier, even as criminals now use AI tools to refine forged documents and automate identity creation.
This case, he said, demonstrates how exchanges continue to rely on outdated assumptions—that identity equals trust—while threat actors take advantage of vulnerabilities entirely unrelated to user onboarding.
The Real Weak Point: Web2 Infrastructure Behind Crypto Platforms
The Markets.com incident is also emblematic of a broader shift in attacker behavior. Rather than attempting high-difficulty protocol exploits or draining smart contracts, hackers are turning their attention to the much softer Web2 underbelly that still powers most crypto platforms.
Markets.com’s vulnerability—a simple backend logic flaw in the deposit input system—allowed arbitrary amounts of USDT to be credited to accounts based solely on the number typed into a field.
Baek said this attack fits a “very clear industry trend,” with criminals increasingly targeting business logic failures, broken access controls, weak APIs, and insufficient backend validation. These gaps rarely make headlines until exploited, but remain common across exchanges that prioritize compliance checklists over secure engineering practices.
Experts warn that such vulnerabilities can be mitigated through routine code audits, strict backend validation rules, and continuous behavioral monitoring—systems that would have detected HS’s abnormal deposit patterns even after he cleared KYC. Exchanges are now being urged to adopt device fingerprinting, network intelligence, and cross-platform monitoring to identify suspect activity long before withdrawals occur.
The Markets.com breach underscores a difficult truth for the crypto industry: KYC does not equal security, and identity verification alone cannot protect a platform from attackers using real data, AI-assisted tools, or backend flaws. As stolen identity datasets grow and attackers increasingly target Web2 entry points, exchanges will need to replace compliance-driven security models with more dynamic, technical, and continuous defenses.
For now, the fallout from the Markets.com hack will likely continue to ripple across the region, serving as a wake-up call not just for Indonesian platforms but for global exchanges still relying on KYC as their main shield. The next generation of crypto threats won’t be stopped by verifying names and ID numbers—and exchanges that fail to adapt may soon find themselves exposed to similar attacks.