CoinDCX Hack: $44.2M Heist Shakes Crypto—But User Funds Remain Secure
Crypto exchange CoinDCX just joined the $100M+ hack club—but with a rare twist.
While attackers made off with $44.2M in platform funds, the company confirmed customer assets stayed untouched. A silver lining in an industry where 'not your keys, not your coins' usually ends in tears.
Security vs. convenience: The eternal crypto tradeoff just got another case study. Exchanges keep proving they're the juiciest honeypots in digital finance—wall street's wolves would blush at this efficiency.
One question remains: When will the 'trust us, we're secure' promises finally match reality?
CoinDCX Hacked for $44 Million
On July 19, CoinDCX, one of India’s largest crypto exchanges, lost over $44 million in USDC and USDC from an internal operational wallet.
Crucially, this wallet was separate from the exchange’s reserves, ensuring that user funds, often verified through proof-of-reserves, were unaffected.
The breach, first detected by ZachXBT and Cyvers Alerts on X, revealed unauthorized transfers from the exchange, raising concerns about the vulnerabilities of centralized exchanges. Analysts noted that the breach targeted an internal wallet used for liquidity provision on a partner exchange.
As mentioned, this wallet was separate from CoinDCX’s published proof-of-reserves. The attacker initiated the exploit using 1 ETH, sending funds to Tornado Cash, a crypto mixer.
https://twitter.com/CyversAlerts/status/1946625586597888163
Subsequently, the hacker executed multiple transactions to obscure the original transfer, converting stolen funds to
ETH ▲2.03% and
SOL ▲5.58% before bridging them across different blockchains. By dispersing funds across multiple intermediary wallets, the hacker aimed to complicate tracing efforts.
EthereumPriceMarket CapETH$460.30B24h7d30d1yAll time
Intervention: User Funds Unaffected
CoinDCX did not immediately detect the breach. According to ZachXBT, stolen funds were moved 17 hours before the exchange disclosed the hack. This delayed response has drawn sharp criticism from the community, with some questioning the exchange’s transparency and preparedness.
https://twitter.com/zachxbt/status/1946626657218863302
In response, Sumit Gupta, the CEO, emphasized that no customer funds were lost, as funds remained segregated. The platform announced it WOULD absorb the loss from its corporate treasury reserves, ensuring no financial impact on its user base.
https://twitter.com/smtgpt/status/1946867532327240088
Furthermore, CoinDCX temporarily suspended crypto services, including fiat withdrawals, though some CORE trading operations remained unaffected.
The exchange is collaborating with partner exchanges and external cybersecurity firms to investigate the incident and recover stolen assets. The attacker’s wallet addresses have been made public, and on-chain sleuths have been asked to assist in tracking the stolen funds.
To enhance its security, CoinDCX launched a recovery bug bounty program. Those who participate and help the exchange recover funds will receive up to 25% of what they recovered.
https://twitter.com/smtgpt/status/1947215040899158359
Last year, WazirX, another Indian exchange, was hacked, losing $235 million due to an exploit in its multisig wallet. The stolen amount was nearly 50% of its total reserves, and included losses of some of the best cryptos to buy.
Similar to the CoinDCX hack, the attacker, linked to the Lazarus Group, used Tornado Cash to obfuscate transfers.
Next 1000x Crypto – 12 Coins That Could 1000x in 2025
CoinDCX $44.2M Crypto Hack: Customer Funds Safe
- CoinDCX hacked for $44 million
- Customer funds not affected
- Tornado Cash crypto mixer used
- CoinDCX to absorb loss and recoup stolen funds from its treasury
