A massive $44 million heist has rocked the Indian crypto world after hackers breached CoinDCX, one of the country’s leading exchanges. The attack specifically targeted an internal account used for liquidity provisioning on a partner exchange. Not customer wallets. Thank goodness for small mercies.
Here’s the kicker – the breach went unnoticed for a whopping 17 hours. It wasn’t even CoinDCX that spotted it. A blockchain investigator named ZachXBT connected the dots and publicly identified the exploited wallet. The attacker cleverly moved some of the stolen funds by bridging from Solana to Ethereum. Talk about awkward. The attackers weren’t exactly subtle either, funding their address with 1 ETH from Tornado Cash before making off with the loot.
Once alerted, CoinDCX sprang into action. They isolated the compromised account, initiated security reviews, and patched vulnerabilities. The hack occurred due to a sophisticated server breach that compromised their internal systems. CEO Sumit Gupta rushed to assure everyone that user withdrawals remained fully functional. No customer funds were touched. The company is working with its partner exchange to block and recover stolen assets. Fat chance of that happening.
The exchange has promised to absorb the entire $44 million loss from its treasury reserves. No user will bear the financial burden – just CoinDCX’s balance sheet. Still, the damage to reputation? Immeasurable. Many experts suggest using hardware wallets for maximum security since they keep private keys completely offline and safe from such breaches.
Security researchers weren’t impressed with the 17-hour disclosure delay. Not a good look for transparency. The hackers exploited server vulnerabilities and used privacy tools to obscure transactions, bouncing funds between blockchains to cover their tracks.
This breach marks the second major crypto heist in India’s recent history, coming almost exactly a year after WazirX lost a staggering $235 million. The timing couldn’t be worse. Confidence in centralized exchanges is wavering, with many traders now questioning whether self-custody wallets might be the safer bet.
The attack has reignited debates about security and regulatory protection in India’s crypto sector. No arrests have been made. The investigation continues.
