COINDCX CEO Confirms Internal Account Breach: $44.2M Crypto Hack Exposed

Published: 2025-07-20 02:39:01


In a shocking revelation, COINDCX CEO Sumit Gupta confirmed a sophisticated server attack compromised an internal operational wallet, draining ~$44.2M in crypto. While customer funds remain secure in cold storage, the incident highlights escalating cybersecurity threats in India’s crypto ecosystem. Here’s our deep dive into what happened, how it unfolded, and why transparency matters.

How Was the COINDCX Hack Discovered?

Blockchain security firm Cyvers first spotted suspicious transactions 17 hours before the public disclosure. Analyst ZachXBT connected the dots manually, tracing the hacker’s path: "The attacker received 1 ETH via Tornado Cash, then bridged stolen Solana funds to Ethereum," he noted on Telegram. The breached wallet wasn’t listed in COINDCX’s proof-of-reserves, raising questions about exchange transparency practices.

What Exactly Was Stolen?

The hacker siphoned funds from a liquidity provisioning account tied to an unnamed partner exchange—not customer wallets. Gupta emphasized: "All trading activities and INR withdrawals remain operational." COINDCX claims losses will be covered by their treasury, not user assets. The attacker’s addresses:
6perrbtz28xofajpjzekxnpcpr5xhysqcmjhqfdp22n
3BTCH8CSVP3UH2SIY9DEIRNYUBMFIBNHZQZDYECJS7GU
0xEF0C5B9E0E9643937D75C229648158584A8CD8D

How Did COINDCX Respond?

Within hours of Zach’s alert going viral, Gupta broke silence on X (formerly Twitter): "We’ve isolated the compromised account and engaged cybersecurity firms to trace fund movements." The team is patching vulnerabilities and plans a bug bounty program. Gupta framed this as a learning opportunity: "Every security incident makes us stronger in the war against cyber threats."

Why Does This Matter for Indian Crypto?

As India’s regulatory landscape remains uncertain (remember the 1% TDS debacle?), exchanges face mounting pressure to prove security credentials. COINDCX’s quick disclosure sets a precedent—but also reveals how centralized points remain vulnerable. "This is why I keep 95% of my crypto in cold wallets," remarked BTCC analyst Raj Patel. "Exchanges are battlefronts, not vaults."

What’s Next for COINDCX?

The exchange promises real-time updates and enhanced audits. Partner exchanges are reportedly reviewing liquidity protocols. Meanwhile, blockchain sleuths monitor the stolen funds—currently sitting idle across three chains. Will the hacker attempt to launder through mixers? That’s the million-dollar (or rather, $44.2M) question.

FAQs: Your Burning Questions Answered

Were COINDCX customer funds affected?

No. The breach only impacted an internal operational wallet used for partner exchange liquidity.

Can users still trade and withdraw normally?

Yes. COINDCX confirms all trading and INR withdrawal services remain fully operational.

What security measures is COINDCX implementing?

The exchange is launching a bug bounty program, conducting forensic audits, and collaborating with cybersecurity firms to trace stolen funds.
