21.07.2025 01:58

A sophisticated cyberattack targeting CoinDCX, a prominent Indian cryptocurrency exchange, resulted in a loss of approximately $44.2 million on July 18th. This significant breach, initially uncovered by on-chain investigator ZachXBT, went unreported by CoinDCX for a concerning 17-hour period.

Confirmation of the attack came swiftly from CoinDCX co-founder Sumit Gupta, who acknowledged the incident via a Telegram response to ZachXBT. Gupta explained that the hackers exploited a vulnerability in the exchange's internal operating account, dedicated solely to maintaining liquidity on a partner exchange. Crucially, he reassured users that customer funds remained untouched and secure, emphasizing the breach's limited scope.

Gupta further clarified that the exchange's operational reserves covered the entire financial loss. Business continued uninterrupted; trading, deposits, and withdrawals proceeded normally. CoinDCX immediately engaged cybersecurity professionals to conduct a thorough investigation and, in collaboration with its partner exchange, actively pursue the recovery of the stolen assets.

This incident highlights the ongoing vulnerability within the cryptocurrency ecosystem. It follows a similar, albeit larger-scale, attack on WazirX, another Indian exchange, which suffered a $235 million loss exactly one year prior. WazirX, while announcing a return to operation in April 2025, remains offline at the time of writing. This incident, along with the staggering $2.1 billion in losses from the first half of the year—marked notably by Bybit's $1.5 billion February breach—underscores the urgent need for robust security measures across the industry. Information for this report was gathered from internet sources.