Indian cryptocurrency exchange CoinDCX fell victim to a $44 million cyberattack on Friday. The breach targeted an internal operational account used for liquidity provisioning, not customer wallets. According to CEO Sumit Gupta, the hack resulted from a “sophisticated server breach” and was swiftly contained by isolating the compromised account
💰 Impact & Response
- $44 million lost from CoinDCX’s treasury assets, including stablecoins USDC/USDT
- Customer funds remain safe; wallets were unaffected, and INR withdrawals continued without interruption
- The company is absorbing the loss using its own reserves
- Trading was briefly paused in “Web3 mode” but restored shortly after
- Sumit Gupta reassured the public on social media: “Don’t panic sell… often leads to poor prices and unnecessary losses”
🔎 Who Carried Out the Attack?
On-chain analyst ZachXBT revealed the attacker funded the outgoing transactions using Tornado Cash, bridging assets across Solana and Ethereum
🚀 Industry Context
- This incident mirrors the July 2024 WazirX hack, where north of $230 million was stolen, highlighting ongoing cybersecurity dangers in India’s crypto sector
- Chainalysis reports that over $2 billion in crypto was stolen in 2024 alone—CoinDCX adds to a concerning trend
🔐 What’s Next?
- CoinDCX is teaming up with cybersecurity experts and partners to trace stolen funds, recover assets, and plug vulnerabilities
- The company plans to launch a bug bounty program to improve platform security
- CEO emphasizes that the breach is a learning opportunity to fortify infrastructure and prevent future threats
✅ Final Takeaway
- The CoinDCX cyberattack resulted in a $44 million loss from an internal account, yet no customer assets were affected.
- Losses are being covered by the company’s treasury, and operations have been quickly restored.
- The incident reinforces the critical need for robust security measures in the crypto industry, especially in India.
