tl;dr
Indian cryptocurrency exchange CoinDCX suffered a security breach resulting in a loss of $44.2 million in digital assets. The attack involved siphoning funds from an internal operational account used for liquidity provisioning, with some stolen tokens moved from Solana to Ethereum. CEO Sumit Gupta c...
One of the largest cryptocurrency exchanges in India, CoinDCX, recently experienced a significant security breach resulting in the loss of $44.2 million worth of digital assets. The incident was first highlighted by the pseudonymous on-chain investigator ZachXBT on Telegram, who detailed that an attacker siphoned funds from the exchange and bridged some of the stolen tokens from Solana (SOL) to Ethereum (ETH).
Sumit Gupta, CoinDCX co-founder and CEO, confirmed the unauthorized withdrawals in a post on social media platform X. He explained that the breach targeted an internal operational account used exclusively for liquidity provisioning on a partner exchange. Gupta assured users that the wallets containing customer assets were unaffected and remain secure.
Following the breach, CoinDCX acted quickly to contain the situation, working to patch security vulnerabilities, trace the stolen funds, and recover the assets. Gupta emphasized that since the compromised accounts are segregated from customer wallets, the financial exposure is limited to that specific account and will be fully absorbed by the company’s treasury reserves.
Despite these reassurances, ZachXBT criticized CoinDCX for delaying disclosure, stating that the exchange waited 17 hours before announcing the hack publicly. He further alleged that CoinDCX might have been attempting to manipulate social media perception during that time. The incident raises important questions about transparency and security practices within major crypto exchanges, underscoring the fragile nature of digital asset custody even among established platforms.