20.07.2025 17:30
A sophisticated server breach has resulted in a significant financial loss for CoinDCX, a leading Indian cryptocurrency exchange. The attack compromised an internal account used for liquidity management with a partner exchange, leading to a $44 million theft. This incident underscores the ongoing vulnerabilities within the cryptocurrency industry, highlighting the need for robust security measures.
Blockchain investigator ZachXBT first brought the breach to light, tracing the stolen funds to an attacker's address. Their investigation revealed that the attacker initially received 1 ETH from Tornado Cash, a privacy-enhancing platform, before moving a portion of the stolen cryptocurrency from the Solana blockchain to the Ethereum blockchain. This intricate money-laundering scheme showcases the advanced techniques employed by cybercriminals.
Sumit Gupta, CoinDCX's CEO, publicly acknowledged the incident on X (formerly Twitter), confirming the compromise of an internal operational account. He reassured users that customer funds remained untouched, safely stored in cold wallets, and that the exchange would absorb the $44 million loss from its own reserves. The swift containment of the breach, through the isolation of the affected account, prevented wider damage.
Following the incident, CoinDCX has initiated a comprehensive response, including working with cybersecurity specialists to investigate the root cause of the breach. The exchange is also cooperating with partner exchanges to recover the stolen funds and prevent further exploitation. A bug bounty program is planned to address potential security vulnerabilities and incentivize ethical hacking, with the aim of enhancing security and preventing future incidents.