India’s leading crypto exchange, CoinDCX, has recently confirmed a security breach in which hackers compromised one of its internal operational accounts, resulting in the theft of millions in crypto assets. The breach was disclosed by CoinDCX co-founder and CEO Sumit Gupta, who reassured customers that their funds remained secure and unaffected.
According to reports from crypto security researcher ZachXBT, approximately $44.2 million was siphoned from CoinDCX’s account during the breach. The attacker funded their address through Tornado Cash on Ethereum and later transferred a portion of the stolen funds from Solana to Ethereum. CoinDCX verified the loss amount and said that the stolen funds were converted into 4,443 Ethereum and 155,830 Solana, which currently remain dormant in the hacker’s wallets. The exchange is collaborating with India’s Computer Emergency Response Team (CERT-In) and partner exchanges to investigate the incident thoroughly.
CoinDCX, registered with the government’s Financial Intelligence Unit, caters to over 16 million users and offers access to a wide range of crypto assets. Despite the breach, Gupta emphasized that customer assets were not impacted as the breach was limited to the specific operational account. The company is taking full responsibility for the incident and is using its treasury reserves to cover the losses.
To recover the stolen funds and track down the attackers, CoinDCX has introduced a “recovery bounty” program that offers up to 25% of the recovered funds as a reward to individuals who assist in tracing and retrieving the stolen crypto. Gupta stressed the importance of identifying and apprehending the attackers to prevent similar incidents in the future.
This breach comes on the heels of a similar breach at Indian crypto exchange WazirX, where $230 million was lost, leading to a trading halt. While it remains unclear if there is any connection between the two incidents, CoinDCX is focused on enhancing its security measures and ensuring the safety of its users’ assets in the wake of this breach.