Thomas Daniels
Indian cryptocurrency exchange CoinDCX fell victim to a sophisticated cybersecurity breach on Friday, resulting in a loss of approximately $44 million, CEO and co‑founder Sumit Gupta disclosed Saturday. Attackers exploited an internal “liquidity provision” account connected to another exchange, compromising its server infrastructure.
Custodial wallets holding user assets remained unaffected. Gupta emphasized that all customer funds are secure:
“The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us, from our own treasury reserves.”
On‑chain investigator ZachXBT traced the stolen funds: the attacker’s address was seeded with 1 ETH (~$3,543) via Tornado Cash, then bridged from Solana to Ethereum. Cointelegraph sought comment from CoinDCX, but received no response before publication.
This breach echoes a similar incident exactly one year prior, when fellow Indian platform WazirX was robbed of $235 million—underscoring the ongoing cybersecurity challenges confronting the crypto industry .
In related attacks over the past month:
- Iranian exchange Nobitex lost $100 million on June 18 following a politically motivated hack by the “Gonjeshke Darande” pro‑Israel group, which later leaked the platform’s source code .
- GMX V1 (Arbitrum blockchain) suffered a $40 million exploit on July 9, though the hacker returned all funds in exchange for a $5 million bounty .
- DeFi platform Arcadia Finance saw a $3.5 million smart contract breach just this week .
These incidents contribute to total crypto losses reaching $2.5 billion in H1 2025, although CertiK reports a decline in Q2 hacks .
