
CoinDCX, one of the premier cryptocurrency exchanges in India, suffered a staggering $44.2 million hack on July 19, which targeted an internal wallet. However, customer funds were confirmed to be secure as the breach did not compromise the exchange’s reserves.
Security Breach Details
The hack, first reported by ZachXBT and Cyvers Alerts on X, involved unauthorized transfers from the exchange. The compromised wallet, earmarked for liquidity provision on a partner exchange, was kept separate from CoinDCX’s proof-of-reserves. The attacker initiated the breach using 1 ETH, rerouting funds to Tornado Cash, a crypto mixer.
Subsequent attempts to disguise the original transfer included converting the stolen assets into various cryptocurrencies including ETH and SOL, complicating tracing efforts.
The CEO, Sumit Gupta, insisted that no customer funds were lost, aiming to assure users amid rising community concerns about transparency and the exchange’s crisis management capabilities. The company plans to absorb the losses from its corporate treasury, thus ensuring no financial fallout for users.
Furthermore, CoinDCX temporarily halted crypto transactions, including fiat withdrawals, while clarifying that core trading volume remained steady. The exchange is working with cybersecurity firms to investigate the breach, and the hacker’s wallet addresses have been disclosed to facilitate tracking of the stolen funds.
To enhance security and support recovery efforts, CoinDCX has initiated a bug bounty program. Participants who help recover the funds will be eligible for a reward of up to 25% of the recovered amount.
In comparison, last year’s WazirX hack resulted in losses of $235 million, highlighting the ongoing challenges facing cryptocurrency exchanges in securing user assets.