CoinDCX suffers $44.2 million hacker attack. Customer funds not involved.
India's largest cryptocurrency exchange, CoinDCX, has confirmed a major security breach in which hackers hacked approximately $44.2 million in cryptocurrencies from one of its internal operating accounts.
The co-founder and CEO of CoinDCX, Sumit Gupta, revealed the incident on Saturday with a post on X, stating that customer funds were not involved in the breach.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts - used only for liquidity provisioning on a partner exchange - was compromised due to a... pic.twitter.com/L1kZhjKAxQ
The compromised account was "only used to provide liquidity on an exchange partner". Gupta explained that because customer assets are stored separately from operational accounts, the exposure to this specific account and the resulting loss are fully covered by CoinDCX's treasury funds.
CoinDCX also confirmed that the loss was initially reported by crypto security researcher ZachXBT, who also pointed out that the hacker embezzled the equivalent of $44.2 million in crypto. ZachXBT's Telegram channel revealed that the hacker's address received 1 Ethereum (ETH) from Tornado Cash and subsequently transferred part of the stolen funds from the Solana blockchain to Ethereum.
CoinDCX confirmed the amount of the loss, explaining that the funds were transferred through bridge Solana-Ethereum and centralised in 4,443 Ethereum and 155,830 Solana, which are currently inactive. The exchange, which is registered with India's Financial Intelligence Unit (FIU) and has over 16 million users, is working with the CERT-In (India's Computer Emergency Response Team) and its exchange partner to further analyse the incident.
"The incident was quickly contained by isolating the compromised operational account," Gupta added. "We understand that these are unfortunate events, which can undermine user confidence, but we want to reassure our customers that their assets were not affected by this incident. We are working with our partner to freeze and recover the misappropriated funds."
CoinDCX also launched a "recovery bounty" programme on Monday, offering up to 25% of the recovered funds to anyone who can help identify and trace the stolen funds. "It is of paramount importance to identify and apprehend these attackers," said Gupta. "We hope to work with all security researchers to make it extremely difficult for hackers to carry out breaches like this in the industry."
CoinDCX offers access to over 500 crypto assets and this breach comes almost a year after the discovery of a $230 million attack on WazirX, another Indian exchange. The two events could be connected, although CoinDCX made no reference to this.
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
According to Cisco Talos and Google, the North Korean groups Famous Chollima and UNC5342 are employing new strains of decentralised malware (such as EtherHiding and the BeaverTail/OtterCookie pair)
The DeFi Abracadabra protocol was hit by its third major exploit since the beginning of 2024, with attackers draining around $1.7 million by circumventing a smart contract credit check.
SBI Crypto, part of Japan's largest digital asset conglomerate, was hacked for $21 million in Bitcoin, Ethereum and other assets, with blockchain researchers
India's largest cryptocurrency exchange, CoinDCX, has confirmed a major security breach in which hackers hacked approximately $44.2 million in cryptocurrencies from one of its internal operating accounts.
The co-founder and CEO of CoinDCX, Sumit Gupta, revealed the incident on Saturday with a post on X, stating that customer funds were not involved in the breach.
The compromised account was "only used to provide liquidity on an exchange partner". Gupta explained that because customer assets are stored separately from operational accounts, the exposure to this specific account and the resulting loss are fully covered by CoinDCX's treasury funds.
CoinDCX also confirmed that the loss was initially reported by crypto security researcher ZachXBT, who also pointed out that the hacker embezzled the equivalent of $44.2 million in crypto. ZachXBT's Telegram channel revealed that the hacker's address received 1 Ethereum (ETH) from Tornado Cash and subsequently transferred part of the stolen funds from the Solana blockchain to Ethereum.
CoinDCX confirmed the amount of the loss, explaining that the funds were transferred through bridge Solana-Ethereum and centralised in 4,443 Ethereum and 155,830 Solana, which are currently inactive. The exchange, which is registered with India's Financial Intelligence Unit (FIU) and has over 16 million users, is working with the CERT-In (India's Computer Emergency Response Team) and its exchange partner to further analyse the incident.
"The incident was quickly contained by isolating the compromised operational account," Gupta added. "We understand that these are unfortunate events, which can undermine user confidence, but we want to reassure our customers that their assets were not affected by this incident. We are working with our partner to freeze and recover the misappropriated funds."
CoinDCX also launched a "recovery bounty" programme on Monday, offering up to 25% of the recovered funds to anyone who can help identify and trace the stolen funds. "It is of paramount importance to identify and apprehend these attackers," said Gupta. "We hope to work with all security researchers to make it extremely difficult for hackers to carry out breaches like this in the industry."
CoinDCX offers access to over 500 crypto assets and this breach comes almost a year after the discovery of a $230 million attack on WazirX, another Indian exchange. The two events could be connected, although CoinDCX made no reference to this.
Read Next
Evolved North Korean Hackers: New Danger Level for the Crypto Sector
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
North Korea: The Ultimate Cyber-Attack? Evasive Malware and Blockchain in the Crosshairs.
According to Cisco Talos and Google, the North Korean groups Famous Chollima and UNC5342 are employing new strains of decentralised malware (such as EtherHiding and the BeaverTail/OtterCookie pair)
Abracadabra Hit by Third Exploit in Two Years, Losing $1.7M
The DeFi Abracadabra protocol was hit by its third major exploit since the beginning of 2024, with attackers draining around $1.7 million by circumventing a smart contract credit check.
Japanese Mining Giant SBI Crypto Hit by $21 Million Breach
SBI Crypto, part of Japan's largest digital asset conglomerate, was hacked for $21 million in Bitcoin, Ethereum and other assets, with blockchain researchers