On July 19, 2025, CoinDCX, India’s second-largest cryptocurrency exchange, confirmed a sophisticated security breach that led to the theft of approximately $44.2 million from its platform.
This major cyberattack adds to the growing concerns over the security of India’s crypto ecosystem, occurring exactly one year after the WazirX hack, which resulted in a $235 million loss for investors.
Key Takeaways:
- $44.2 Million Stolen – Hackers compromised an internal liquidity account on CoinDCX, resulting in a loss of $44.2 million.
- Customer Funds Unaffected – CoinDCX assured users that customer assets remain safe and all losses will be covered using the company’s own reserves.
- Growing Security Concerns – The breach comes exactly a year after the $235 million WazirX hack, underscoring persistent vulnerabilities in India’s crypto infrastructure.
CoinDCX Breach: Operational Funds Stolen in $44.2 Million Hack
The attack specifically targeted CoinDCX’s internal operational account used solely for liquidity provisioning on partner exchanges.
Co-founder and CEO Sumit Gupta revealed that the breach occurred after hackers exploited a server-side vulnerability, allowing them to infiltrate the platform’s infrastructure.
The breach was initially flagged by ethical hacker ZachXBT via his Telegram channel, with CoinDCX officially confirming the incident 17 hours later.
CoinDCX Breach: $44.2 Million Stolen in Targeted Attack on Liquidity Account
India’s second-largest crypto exchange, CoinDCX, confirmed a sophisticated security breach on July 19, 2025, that resulted in the theft of approximately $44.2 million from an internal operational account used for liquidity provisioning on partner platforms.
Attack Details:
- The breach stemmed from a server-side vulnerability that allowed attackers to compromise a private key tied to a hot wallet, bypassing multi-signature security protocols.
- The stolen funds, primarily stablecoins, were moved from the Solana blockchain to Ethereum, then routed through smart contract interactions and decentralized exchanges, effectively obfuscating the transaction trail.
- The attacker’s wallet was pre-funded with 1 ETH via Tornado Cash, a mixing service often used to hide fund origins.
- Ethical hacker ZachXBT was the first to flag the breach via Telegram. CoinDCX issued an official confirmation 17 hours later.
Hot Wallet Vulnerabilities:
- The breach highlights the inherent risks of hot wallets, which remain connected to the internet for real-time trading operations.
- In contrast, cold storage wallets, which house customer funds, are kept offline and are protected by hardware security modules (HSMs) and multi-signature authentication.
Response and Mitigation:
- Customer funds remained unaffected, as they are stored in segregated cold wallets.
- CoinDCX temporarily suspended Web3 services and DeFi integrations during its forensic investigation.
- Trading operations resumed within hours, bolstered by enhanced monitoring protocols, improved API endpoint security, and transaction validation systems.
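The "transaction validation" and monitoring controls listed above, together with the attacker address pre-funded through a mixer, suggest what an outflow policy on a liquidity account can catch. The following is an added illustration, not CoinDCX code: a check a hot-wallet signing service or outflow monitor could apply to each transfer, holding anything sent to a non-allowlisted destination, over a per-transfer or rolling-hour limit, or to an address recently funded from a labelled mixer. All addresses, limits and transfers are constructed placeholders.

```python
from dataclasses import dataclass
# Constructed placeholders: none of these are real on-chain addresses or CoinDCX limits.
ALLOWED_DESTINATIONS = {"0xPARTNER_A", "0xPARTNER_B"}  # approved partner-exchange deposit addresses
KNOWN_MIXERS = {"0xMIXER_PLACEHOLDER"}                 # labelled mixer contracts from a threat feed
PER_TX_LIMIT_USD = 2_000_000                           # single-transfer ceiling for the liquidity account
WINDOW_LIMIT_USD = 5_000_000                           # rolling-hour outflow ceiling
WINDOW_SECONDS = 3600

@dataclass
class Transfer:
    ts: int                   # unix timestamp of the signing request
    dest: str                 # destination address
    amount_usd: float         # notional value in USD
    dest_funders: tuple = ()  # addresses that recently funded dest (a chain lookup in practice; constructed here)

def check_transfer(tx: Transfer, history: list) -> list:
    """Return the policy violations for tx given prior approved transfers; [] means approve."""
    reasons = []
    if tx.dest not in ALLOWED_DESTINATIONS:
        reasons.append("destination not on allowlist")
    if tx.amount_usd > PER_TX_LIMIT_USD:
        reasons.append("per-transfer limit exceeded")
    window = sum(t.amount_usd for t in history if tx.ts - t.ts <= WINDOW_SECONDS)
    if window + tx.amount_usd > WINDOW_LIMIT_USD:
        reasons.append("rolling outflow limit exceeded")
    if any(f in KNOWN_MIXERS for f in tx.dest_funders):
        reasons.append("destination recently funded from a known mixer")
    return reasons

def run_policy(transfers: list) -> list:
    """Evaluate transfers in order; approved ones join the history used for the rolling limit."""
    history, verdicts = [], []
    for tx in transfers:
        reasons = check_transfer(tx, history)
        if not reasons:
            history.append(tx)
        verdicts.append((tx.dest, reasons))
    return verdicts

# Constructed sample: routine partner top-ups, then a drain to a fresh, mixer-funded address.
SAMPLE = [
    Transfer(1_000, "0xPARTNER_A", 1_500_000),
    Transfer(1_600, "0xPARTNER_B", 1_800_000),
    Transfer(2_200, "0xPARTNER_A", 1_900_000),  # allowlisted, but pushes the hour over 5M
    Transfer(2_500, "0xFRESH_ATTACKER", 2_500_000, ("0xMIXER_PLACEHOLDER",)),
]
if __name__ == "__main__":
    for dest, reasons in run_policy(SAMPLE):
        print(dest, "APPROVE" if not reasons else "HOLD: " + "; ".join(reasons))
```

Such a check only helps when it sits in the signing path or feeds an alert; a key stolen outright and used outside the service is caught only by the monitoring half, which is why wallet segregation and low standing balances matter alongside it.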
Broader Implications:
- The breach mirrors tactics used by North Korea-linked groups like Lazarus, responsible for over $2 billion in global crypto thefts.
- CoinDCX has filed an FIR (First Information Report) with authorities and is working with top cybersecurity firms to strengthen its infrastructure.
- Planned upgrades include zero-trust architecture, intrusion detection systems, and better wallet segregation.
Industry Recommendations:
Experts are urging Indian regulators to enforce:
- Mandatory security audits
- Insurance coverage for digital assets
- Stricter cybersecurity standards across all exchanges
The incident underscores the urgent need for robust regulatory oversight in India’s rapidly evolving crypto landscape.