The Indian centralized exchange CoinDCX was reportedly drained of nearly $44.2 million almost 17 hours earlier, the on-chain sleuth ZachXBT claimed on July 19.
The attacker address was funded with 1 Ethereum from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum, the sleuth said. Tornado Cash is a non-custodial cryptocurrency mixer.
Source: Telegram channel, Investigations by ZachXBT
“The affected CoinDCX hot wallet is not publicly tagged or in current proof of reserves so I had to manually attribute it via reviewing counterparties,” ZachXBT added. They also identified the theft address on their Telegram channel, “Investigations by ZachXBT.”
ZachXBT credited Cyvers Alerts for flagging the suspicious withdrawals.
CoinDCX CEO Gupta said, “Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a sophisticated server breach.”
Gupta added, “I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe.”
Gupta told CoinDCX users that the exploit didn’t impact any customer funds, and customer assets remain completely safe and protected in their secure cold wallet infrastructure.
All trading activity and INR withdrawals are fully operational on the exchange, he added.
The CoinDCX CEO also claimed that the incident was quickly contained by isolating the affected operational account.
The exchange’s operational accounts are segregated from customer wallets, so the exposure is limited to this specific account and is being fully absorbed by CoinDCX’s own treasury reserves, he said, seeking to reassure the exchange’s customers.
Gupta also said that CoinDCX is collaborating with its exchange partner to block and recover stolen assets and will soon launch a bug bounty program.
CoinDCX co-founder Neeraj Khandelwal said the exchange’s treasury assets have lost around $44 million; the amount, he said, has been ascertained both internally and externally.
When a user asked about the delay in releasing a statement, Khandelwal said the platform’s priority was to first secure the assets before making any public announcement.
After some time, Khandelwal said the portfolio is back. However, the comment section had users complaining about CoinDCX showing lower returns than other exchanges and even losing funds.
Khandelwal also said the exchange is working with multiple crypto forensics agencies to recover lost funds from their treasury.
Khandelwal added:
“CoinDCX Web3 is not functional at the moment out of an abundance of precaution. Customers' funds in the Web3 section are also safe. Web3 trading will resume shortly and we will keep you updated.”
CoinDCX isn’t the first Indian crypto exchange to suffer an exploit.
WazirX, another Indian crypto exchange, was hacked for $234 million a year ago on July 18, 2024. The exploit was attributed to the notorious North Korea-linked Lazarus Group.