Coindcx Hack: $44 Million Stolen from Indian Crypto Exchange

CoinDCX Confirms Security Breach and Crypto Loss

India's leading cryptocurrency exchange, CoinDCX, has acknowledged a recent security compromise affecting one of its internal operational accounts. This breach resulted in the unauthorized removal of a substantial amount of cryptocurrency by hackers.

Details of the Incident

Sumit Gupta, co-founder and CEO of CoinDCX, revealed on Saturday via a post on X that the compromised account was specifically utilized for providing liquidity on a collaborating exchange. He emphasized that customer funds were not impacted by this incident and remain fully protected.

Prior to Gupta’s statement, crypto security analyst ZachXBT reported an estimated $44.2 million had been drained from CoinDCX as a consequence of the security breach.

Tracing the Stolen Funds

The researcher detailed that the attacker’s address initially received funding via 1ETH through Tornado Cash. Subsequently, a portion of the stolen funds was transferred from the Solana blockchain to the Ethereum blockchain.

CoinDCX verified the loss amount to TechCrunch, explaining that the funds were channeled through Solana-Ethereum bridges. These funds were then consolidated into 4,443 Ethereum and 155,830 Solana, which are currently inactive.

Investigation and Collaboration

The exchange is actively cooperating with India’s Computer Emergency Response Team (CERT-In) and partner exchanges to conduct a thorough investigation into the matter.

CoinDCX, which is registered with the government’s Financial Intelligence Unit, currently serves over 16 million users and provides access to more than 500 different crypto assets.

Containment and Financial Responsibility

“The affected operational account was swiftly isolated, effectively containing the incident,” Gupta stated in his X post. “Because our operational accounts are kept separate from customer wallets, the financial exposure is limited to this specific account and will be covered entirely by our own treasury reserves.”

The company is also collaborating with the partner exchange to attempt to block and recover the stolen assets.

Recovery Efforts and Bounty Program

Acknowledging the potential concern caused by such incidents, Gupta stated, “I recognize that events like these can be unsettling – even when customer assets are unaffected.”

On Monday, the exchange initiated a “recovery bounty” program, offering a reward of up to 25% of any recovered funds to individuals who can assist in tracing and retrieving the stolen cryptocurrency.

Focus on Apprehending the Attackers

“Beyond the recovery of the stolen funds, our primary goal is to identify and apprehend the perpetrators, ensuring that such incidents do not recur – not with us, and not with anyone else in the industry,” Gupta explained.

Recent History of Crypto Exchange Breaches in India

This breach occurs nearly a year after a significant security incident at WazirX, another major Indian crypto exchange. The WazirX breach resulted in a loss of $230 million, representing almost half of its total reserves, and led to a temporary halt in trading.

At this time, it remains uncertain whether any connection exists between the CoinDCX and WazirX breaches.