CoinDCX suffers $44.2 million hacker attack. Customer funds not involved.
India's largest cryptocurrency exchange, CoinDCX, has confirmed a major security breach in which hackers hacked approximately $44.2 million in cryptocurrencies from one of its internal operating accounts.
The co-founder and CEO of CoinDCX, Sumit Gupta, revealed the incident on Saturday with a post on X, stating that customer funds were not involved in the breach.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts - used only for liquidity provisioning on a partner exchange - was compromised due to a... pic.twitter.com/L1kZhjKAxQ
The compromised account was "only used to provide liquidity on an exchange partner". Gupta explained that because customer assets are stored separately from operational accounts, the exposure to this specific account and the resulting loss are fully covered by CoinDCX's treasury funds.
CoinDCX also confirmed that the loss was initially reported by crypto security researcher ZachXBT, who also pointed out that the hacker embezzled the equivalent of $44.2 million in crypto. ZachXBT's Telegram channel revealed that the hacker's address received 1 Ethereum (ETH) from Tornado Cash and subsequently transferred part of the stolen funds from the Solana blockchain to Ethereum.
CoinDCX confirmed the amount of the loss, explaining that the funds were transferred through bridge Solana-Ethereum and centralised in 4,443 Ethereum and 155,830 Solana, which are currently inactive. The exchange, which is registered with India's Financial Intelligence Unit (FIU) and has over 16 million users, is working with the CERT-In (India's Computer Emergency Response Team) and its exchange partner to further analyse the incident.
"The incident was quickly contained by isolating the compromised operational account," Gupta added. "We understand that these are unfortunate events, which can undermine user confidence, but we want to reassure our customers that their assets were not affected by this incident. We are working with our partner to freeze and recover the misappropriated funds."
CoinDCX also launched a "recovery bounty" programme on Monday, offering up to 25% of the recovered funds to anyone who can help identify and trace the stolen funds. "It is of paramount importance to identify and apprehend these attackers," said Gupta. "We hope to work with all security researchers to make it extremely difficult for hackers to carry out breaches like this in the industry."
CoinDCX offers access to over 500 crypto assets and this breach comes almost a year after the discovery of a $230 million attack on WazirX, another Indian exchange. The two events could be connected, although CoinDCX made no reference to this.
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
India's largest cryptocurrency exchange, CoinDCX, has confirmed a major security breach in which hackers hacked approximately $44.2 million in cryptocurrencies from one of its internal operating accounts.
The co-founder and CEO of CoinDCX, Sumit Gupta, revealed the incident on Saturday with a post on X, stating that customer funds were not involved in the breach.
The compromised account was "only used to provide liquidity on an exchange partner". Gupta explained that because customer assets are stored separately from operational accounts, the exposure to this specific account and the resulting loss are fully covered by CoinDCX's treasury funds.
CoinDCX also confirmed that the loss was initially reported by crypto security researcher ZachXBT, who also pointed out that the hacker embezzled the equivalent of $44.2 million in crypto. ZachXBT's Telegram channel revealed that the hacker's address received 1 Ethereum (ETH) from Tornado Cash and subsequently transferred part of the stolen funds from the Solana blockchain to Ethereum.
CoinDCX confirmed the amount of the loss, explaining that the funds were transferred through bridge Solana-Ethereum and centralised in 4,443 Ethereum and 155,830 Solana, which are currently inactive. The exchange, which is registered with India's Financial Intelligence Unit (FIU) and has over 16 million users, is working with the CERT-In (India's Computer Emergency Response Team) and its exchange partner to further analyse the incident.
"The incident was quickly contained by isolating the compromised operational account," Gupta added. "We understand that these are unfortunate events, which can undermine user confidence, but we want to reassure our customers that their assets were not affected by this incident. We are working with our partner to freeze and recover the misappropriated funds."
CoinDCX also launched a "recovery bounty" programme on Monday, offering up to 25% of the recovered funds to anyone who can help identify and trace the stolen funds. "It is of paramount importance to identify and apprehend these attackers," said Gupta. "We hope to work with all security researchers to make it extremely difficult for hackers to carry out breaches like this in the industry."
CoinDCX offers access to over 500 crypto assets and this breach comes almost a year after the discovery of a $230 million attack on WazirX, another Indian exchange. The two events could be connected, although CoinDCX made no reference to this.
Read Next
32 Million Upbit Hack: Token Solana to Stars on the Korean Market!
Upbit suspends deposits and withdrawals after a hacker attack that embezzled 32 million in Solana tokens, causing heavy premiums in the Korean market.
UK crypto heist: convictions and self-custody risk
A heist of more than 4.3 million in cryptocurrencies in the UK calls into question the security of self-custody and the risks of the human factor.
Crypto Clash: Beijing Blames US for LuBian's 127,000 BTC Bitcoin Exploit
China accuses Washington of 'draining' 127,000 BTC from LuBian in 2020. Researchers link the exploit to a flaw in key generation.
New Eleven Drainer attack: threat to crypto wallets
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.