Indian exchange CoinDCX loses $44.2 million to hackers after exploit

By Jai Hamid
  • CoinDCX was exploited for $44.2 million through a compromised internal account.
  • ZachXBT exposed the breach after Cyvers flagged unusual activity.
  • CEO confirmed customer funds are safe and losses will be covered from treasury.

CoinDCX, one of India’s biggest crypto platforms, just got wiped for $44.2 million in what looks like a hot wallet exploit. The hit happened about 17 hours ago, and the company didn’t say a word until on-chain sleuth ZachXBT exposed it.

The stolen crypto was first flagged by Cyvers, a blockchain security firm that spotted suspicious transactions and alerted Zach.

Zach went public with the information on Telegram: “Looks like the India centralized exchange ‘CoinDCX’ was likely drained for ~$44.2M almost 17 hours ago and has yet to disclose the incident to the community.”

He said the hacker address got 1 ETH from Tornado Cash, and then bridged part of the stolen funds from Solana to Ethereum. The hack wasn’t traced to a tagged wallet or listed in CoinDCX’s proof of reserves. Zach said he figured out the link by checking counterparties manually.

He also listed the attacker’s addresses:

  • Solana: 6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n
  • Solana: 3btch8cSVp3Uh2SiY9DeiRNYUBmFiBNHZQzDyecJs7Gu
  • Ethereum: 0xEF0c5b9E0E9643937D75C229648158584A8CD8D

CEO confirms internal account got breached

Right after Zach’s post started circulating, Sumit Gupta, the CEO of CoinDCX, finally stepped up with a statement on X, saying, “Hi everyone, At CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.”

According to Sumit, the compromised account was an internal operational wallet, not one that holds customer funds. He said it was used “only for liquidity provisioning on a partner exchange”. The breach was caused by a “sophisticated server attack,” but Sumit claims all customer wallets were safe and hadn’t been touched.

No customer funds have been impacted. Your assets remain completely safe and protected in our secure cold wallet infrastructure. All trading activity and INR withdrawals are fully operational.

The team isolated the breached account fast and says the loss is being covered from their own treasury, not customers’ assets. They’ve brought in cybersecurity firms to dig through the breach, patch vulnerabilities, and track where the funds are moving. Gupta said they’re also working with the unnamed exchange partner where the liquidity account was being used.

They plan to launch a bug bounty program to catch other possible security gaps. He also said, “Every security incident is a learning, and we will learn from this and further strengthen our platform… this is our time to win this war against cyberthreats in the industry.”

He ended by promising real-time updates going forward: “I understand incidents like this can be unsettling – even when customer assets are unaffected. That’s why I am sharing this incident with you with full transparency. Thank you for your continued trust. I will keep you informed on a real-time basis as we learn more.”
