In a recent security incident, Indodax experienced abnormal transaction activities across different blockchain networks, amounting to approximately $18.2 million. Initially, reports suggested that the incident may have been caused by hackers obtaining the private keys from the hot wallets. However, after a detailed analysis by 23pds, the Chief Information Security Officer at SlowMist Technology, it was concluded that the real cause of the event was a system attack, specifically the intrusion into critical system components such as signature machines, rather than a leak of private keys from the hot wallets. This finding is significant for understanding the nature of this incident and seeking effective preventive measures.