CoinDCX Loses $44.2M to Hackers Due to Server Breach
Major Breach Hits India's Top Crypto Exchange, CoinDCX Exactly One Year After $230M WazirX Hack
Popular Indian cryptocurrency exchange CoinDCX suffered a major loss of $44.2 million following a server breach that compromised one of its internal operational accounts. The hack occurred early on Saturday morning and specifically targeted an account used for liquidity provisioning with a partner exchange.
Blockchain investigator ZachXBT was the first person to flag the suspicious wallet activity, approximately 17 hours after the incident began, identifying a link to CoinDCX. The attacker funded his address with 1 ETH from the Tornado Cash platform, then bridged a portion of the stolen assets from Solana to Ethereum.
CoinDCX Responds, Security Measures and Investigation Underway
Shortly after ZachXBT reported the hack, CoinDCX CEO Sumit Gupta confirmed the breach on X, blaming the attack on a “sophisticated server breach” that compromised a segregated operational account used for liquidity. Gupta called for calm and emphasized that customer funds remained unaffected, as they are in different wallets.
“We immediately isolated the compromised account,” Gupta tweeted. “Since this account is separate from user wallets, the exposure is contained, and CoinDCX is covering the entire loss from our treasury reserves.”
Notably, CoinDCX has since launched an internal investigation in collaboration with cybersecurity experts to trace the movement of stolen funds and identify potential system vulnerabilities. They are also working with other exchanges to freeze any recoverable assets.
Frequency of Crypto Exchange Hacks Rises
The CoinDCX breach is one of a series of high-profile attacks targeting the crypto industry in recent months. On July 17, exchange platform BigONE lost $27 million to a cyberattack.
The attackers exploited a supply chain vulnerability to infiltrate BigONE’s production infrastructure. This breach allowed them to manipulate the platform’s risk management logic and account operations, ultimately resulting in the loss of customer funds.
CoinDCX’s incident comes exactly one year after the record-breaking $230 million hack that affected WazirX, another prominent Indian exchange. That attack was later linked to North Korea’s Lazarus Group. There’s no onchain proof linking Lazarus to this recent CoinDCX hack.
