CoinDCX Suffers $44.2M Security Breach; Customer Funds Confirmed Safe
BY
Ben Graham
|
By using this site, you agree to our Terms of Use of Use and Privacy Policy
CoinDCX, a leading Indian crypto exchange, suffered a $44.2M hack on July 19, targeting an internal wallet. Customer funds remain safe, as the breach did not affect reserves.
Crypto exchanges combine three core components of trading: settlement, execution, and custody. In traditional finance, these functions are segregated, making exchanges like the NYSE and NASDAQ resilient to failures that could result in massive losses. However, in the crypto industry, the landscape is entirely different.
Tokens for which exchanges provide liquidity are decentralized, and exchanges are responsible for securely storing user assets to protect them from hackers. Over time, hackers have become increasingly sophisticated, executing some of the largest heists, resulting in billions of dollars in losses, impacting even some of the top Solana meme coins. This year, Bybit lost over $4 billion but quickly recovered without pausing operations.
DISCOVER: 20+ Next Crypto to Explode in 2025
CoinDCX Hacked for $44 Million
On July 19, CoinDCX, one of India’s largest crypto exchanges, lost over $44 million in USDC and USDC from an internal operational wallet.
Crucially, this wallet was separate from the exchange’s reserves, ensuring that user funds, often verified through proof-of-reserves, were unaffected.
The breach, first detected by ZachXBT and Cyvers Alerts on X, revealed unauthorized transfers from the exchange, raising concerns about the vulnerabilities of centralized exchanges. Analysts noted that the breach targeted an internal wallet used for liquidity provision on a partner exchange.
As mentioned, this wallet was separate from CoinDCX’s published proof-of-reserves. The attacker initiated the exploit using 1 ETH, sending funds to Tornado Cash, a crypto mixer.
https://twitter.com/CyversAlerts/status/1946625586597888163
Subsequently, the hacker executed multiple transactions to obscure the original transfer, converting stolen funds to
ETH ▲2.03% and 
SOL ▲5.58% before bridging them across different blockchains. By dispersing funds across multiple intermediary wallets, the hacker aimed to complicate tracing efforts.
DISCOVER: Next 1000X Crypto: 10+ Crypto Tokens That Can Hit 1000x in 2025
Intervention: User Funds Unaffected
CoinDCX did not immediately detect the breach. According to ZachXBT, stolen funds were moved 17 hours before the exchange disclosed the hack. This delayed response has drawn sharp criticism from the community, with some questioning the exchange’s transparency and preparedness.
https://twitter.com/zachxbt/status/1946626657218863302
In response, Sumit Gupta, the CEO, emphasized that no customer funds were lost, as funds remained segregated. The platform announced it would absorb the loss from its corporate treasury reserves, ensuring no financial impact on its user base.
https://twitter.com/smtgpt/status/1946867532327240088
Furthermore, CoinDCX temporarily suspended crypto services, including fiat withdrawals, though some core trading operations remained unaffected.
The exchange is collaborating with partner exchanges and external cybersecurity firms to investigate the incident and recover stolen assets. The attacker’s wallet addresses have been made public, and on-chain sleuths have been asked to assist in tracking the stolen funds.
To enhance its security, CoinDCX launched a recovery bug bounty program. Those who participate and help the exchange recover funds will receive up to 25% of what they recovered.
https://twitter.com/smtgpt/status/1947215040899158359
Last year, WazirX, another Indian exchange, was hacked, losing $235 million due to an exploit in its multisig wallet. The stolen amount was nearly 50% of its total reserves, and included losses of some of the best cryptos to buy.
Similar to the CoinDCX hack, the attacker, linked to the Lazarus Group, used Tornado Cash to obfuscate transfers.
DISCOVER: Next 1000x Crypto – 12 Coins That Could 1000x in 2025
CoinDCX $44.2M Crypto Hack: Customer Funds Safe
The post CoinDCX Suffers $44.2M Security Breach; Customer Funds Confirmed Safe appeared first on 99Bitcoins.