BABUK RANSOMWARE: A VICTIM OF INDODAX HACK
ID: af4ecea5-a70a-5561-ae32-754a3c69822d
STIX ID: report--af4ecea5-a70a-5561-ae32-754a3c69822d
Feed Name: THE RAVEN FILE
**Executive Summary:** The report documents Babuk ransomware's return (Babuk 2.0), lists specific Bitcoin wallet addresses and transaction amounts showing transfers into Indodax exchange hot wallets, and recounts a September 11, 2024 Indodax compromise that drained roughly $20M — including wallets used by Babuk — causing the group to move subsequent ransom receipts to a different exchange wallet; the piece includes IoCs, transaction timelines, and unconfirmed speculation about DPRK involvement.
