19.07.2025 19:34

A significant security breach at CoinDCX, a leading Indian cryptocurrency exchange, resulted in the theft of approximately $44.2 million. Blockchain investigator ZachXBT uncovered the incident, revealing that the attacker initiated the heist with a mere 1 ETH obtained from Tornado Cash, subsequently transferring a portion of the stolen funds between Solana and Ethereum networks. This information emerged from various online sources.

User reports indicate CoinDCX temporarily suspended certain trading pairs and cancelled pending spot orders. Furthermore, their Web3 wallet became inaccessible, leading to considerable user uncertainty and concern about the impact of the breach. The disruption prompted numerous questions from users affected by the service interruptions.

Sumit Gupta, CoinDCX's co-founder and CEO, addressed the situation via a post on X (formerly Twitter). He confirmed a security compromise affecting an internal operational account used for liquidity on a partner exchange. Importantly, Gupta categorically assured users that customer funds were unaffected and remain securely stored in cold wallets.

Despite the server compromise, CoinDCX swiftly contained the breach by isolating the compromised internal account. This decisive action minimized the impact, ensuring the continued operation of INR withdrawals and overall trading functionalities. Gupta further clarified that CoinDCX is absorbing the entire financial loss from its own treasury.

Moving forward, Gupta announced CoinDCX's collaboration with cybersecurity experts to both recover the stolen funds and enhance platform security. The exchange is implementing a bug bounty program to incentivize the discovery and reporting of vulnerabilities. Maintaining transparency, Gupta pledged to keep the community regularly updated on the ongoing investigation and remediation efforts. The temporary suspension of the CoinDCX Web3 service is a precautionary measure to further safeguard user assets.