20.07.2025 00:17

A significant security breach has impacted CoinDCX, a prominent Indian cryptocurrency exchange. Blockchain investigator ZachXBT and cybersecurity firm Cyvers estimate losses from this internal wallet exploit to be approximately $44.2 million.

The breach came to light after unusual on-chain activity, involving the infamous cryptocurrency mixer Tornado Cash, raised red flags. Specifically, an attacker initially received a single Ethereum via Tornado Cash before orchestrating a sophisticated series of cross-chain transactions, ultimately transferring funds from the Solana blockchain to Ethereum; a tactic commonly employed to obscure the origin of illicit funds.

CoinDCX CEO Sumit Gupta promptly addressed the incident, emphasizing that the compromised wallet was exclusively used for liquidity management on a partner platform and did not contain any customer funds. He provided reassurance to users, stating unequivocally that all client assets remained secure.

Despite Gupta's assurance, the incident highlights vulnerabilities within the cryptocurrency ecosystem. Cyvers Alerts, the first to detect the suspicious activity, underscored the rapid dispersal of stolen funds across various wallets and protocols, significantly hindering tracking efforts. The compromised wallet's absence from CoinDCX's published proof-of-reserve reports further complicated early detection and response. The exchange has since taken immediate action, suspending relevant systems and engaging third-party security experts for a comprehensive investigation.

This incident was reported by Alexander Stefanov, a seasoned financial journalist and cryptocurrency expert with over eight years of experience covering the fintech, blockchain, and cryptocurrency sectors. His reporting for Coindoo provides insightful analyses on the ever-evolving world of digital assets. This detailed account, sourced from internet sources, underscores the ongoing challenges of maintaining robust security within the volatile cryptocurrency landscape.