CoinDCX Hacked – $44.2 million Wiped off From the Platform
India’s second-largest cryptocurrency exchange, CoinDCX, confirmed a sophisticated security breach on July 19, 2025, resulting in approximately $44.2 million being stolen from the platform.
This incident marks another significant cyberattack on India’s crypto infrastructure, coming exactly one year after the devastating WazirX hack that cost investors $235 million.
Key Takeaways
1. CoinDCX lost $44.2 million to hackers who breached an internal liquidity account.
2. Customer funds are safe; CoinDCX will cover all losses from its own reserves.
3. This follows last year's $235 million WazirX hack, highlighting India's crypto security risks.
CoinDCX Breach: Operational Funds Stolen
Firstpost reports that the attack targeted CoinDCX’s internal operational account used exclusively for liquidity provisioning on partner exchanges.
Co-founder and CEO Sumit Gupta confirmed that hackers exploited a server-side vulnerability to gain unauthorized access to the platform’s infrastructure.
The breach was first identified by ethical hacker ZachXBT through his Telegram channel, though CoinDCX’s official confirmation came 17 hours later.
The stolen funds consisted primarily of stablecoins that were systematically moved from the Solana blockchain to Ethereum.
Security analysis revealed that the attacker had pre-funded their wallet with 1 ETH via Tornado Cash, a cryptocurrency mixing service designed to obfuscate transaction trails.
The funds were subsequently routed through multiple smart contract interactions before being laundered through decentralized exchanges, making recovery efforts significantly more challenging.
The attack demonstrates the inherent vulnerabilities in hot wallet infrastructure used for active trading operations.
Unlike cold storage wallets that remain offline, hot wallets maintain constant internet connectivity for liquidity management, creating potential attack vectors for sophisticated hackers.
The breach occurred through a private key compromise, allowing attackers to authorize transactions from the affected wallet without triggering multi-signature security protocols.
CoinDCX emphasized that customer funds remained secure in segregated cold storage systems, protected by hardware security modules (HSMs) and multi-signature authentication.
The exchange temporarily suspended its Web3 services and DeFi integrations as a precautionary measure while conducting forensic analysis.
Trading operations resumed within hours, with enhanced monitoring protocols implemented across all API endpoints and transaction validation systems.
This incident highlights critical security gaps in India’s cryptocurrency ecosystem, where regulatory oversight remains limited.
The attack pattern mirrors previous crypto exchange breaches, particularly the methodology used by North Korean hacking groups such as Lazarus Group, which has been linked to over $2 billion in cryptocurrency thefts globally.
CoinDCX has filed an FIR (First Information Report) with local authorities and engaged leading cybersecurity firms to strengthen its infrastructure.
The exchange is implementing additional security layers including zero-trust architecture, enhanced intrusion detection systems, and improved wallet segregation protocols.
Industry experts recommend mandatory insurance coverage and standardized security audits for all cryptocurrency platforms operating in India to prevent similar incidents and protect investor interests.