- CoinDCX lost $44 million from an internal operational account, but customer funds stayed completely safe.
- The company will cover all losses from its treasury reserves, and trading continues normally.
- Security teams are investigating the breach and working with partners to recover the stolen funds.
Indian cryptocurrency exchange CoinDCX confirmed a significant security breach that resulted in $44 million in losses from an internal operational account. The incident occurred through a sophisticated server attack targeting the exchange’s liquidity provisioning systems.
CEO Sumit Gupta disclosed the breach details, emphasizing that customer funds remained completely secure throughout the incident. The compromised account operated independently from user wallets and was used exclusively for liquidity management with partner exchanges.
CoinDCX immediately isolated the affected account to prevent further exposure. All trading operations, INR withdrawals, and customer services continued without interruption during the security response.
Internal Account Breach Details
The attack targeted CoinDCX’s operational infrastructure rather than customer-facing systems. The breached account handled liquidity provisioning activities and was completely separated from user fund storage mechanisms.
Gupta confirmed that CoinDCX will absorb the entire $44 million loss from the company’s treasury reserves. This approach ensures zero financial impact on customers while maintaining platform stability.
The exchange’s segregated account architecture proved crucial in limiting the breach’s scope. Customer wallets operate on separate security protocols, preventing unauthorized access to user cryptocurrency holdings.
Security researchers, including blockchain investigator ZachXBT, tracked the stolen funds across multiple networks. The attacker moved assets through various channels, including sending 1 Ethereum to Tornado Cash and utilizing SOL-ETH bridge protocols.
Cryptocurrency Exchange Security Response
CoinDCX deployed internal security teams alongside leading cybersecurity experts to investigate the breach. The investigation focuses on identifying attack vectors, implementing security patches, and tracing stolen asset movements.
The exchange collaborates with partner platforms to block and recover the drained funds. These recovery efforts involve cross-platform coordination and blockchain analysis tools.
CoinDCX announced plans to strengthen its security infrastructure and launch a bug bounty program. These measures aim to identify vulnerabilities before malicious actors can exploit them.
The breach represents the latest in a series of cryptocurrency exchange attacks affecting Indian platforms. WazirX suffered a $235 million hack approximately one year earlier, highlighting persistent cybersecurity challenges in the crypto industry.
BigONE exchange also experienced a major exploit this week, losing over $27 million in user funds through similar attack methods.
CoinDCX maintains customer assets in secure cold wallet infrastructure, separate from operational accounts. This separation proved effective in protecting user funds during the security incident.
The exchange has not disclosed specific technical details about how the breach occurred. Security teams continue analyzing the attack methodology to prevent similar incidents.
Disclaimer
The content shared on KryptoVaultDaily is for informational purposes only and does not constitute financial or trading advice. We do not offer guarantees and assume no responsibility for investment decisions based on the material provided. Always research and seek guidance from a licensed financial advisor before trading cryptocurrency or investing.
