National Times Bureau: In a significant blow to India’s crypto ecosystem, leading cryptocurrency exchange CoinDCX has reported a major security breach that led to the loss of approximately $44 million (around ₹378 crore). The platform clarified that the breach did not impact customer funds, which remain safe and accessible.
The breach occurred on July 19, targeting an internal operational account used exclusively for providing liquidity on a partner exchange. CoinDCX, in an incident report released on Sunday, said the account was compromised through a “sophisticated server breach.” The attacker gained unauthorized access to the liquidity infrastructure, allowing them to siphon off millions in crypto assets.
The funds were routed through several digital “hops” before reaching two wallets. CoinDCX stated that the hacker used the Solana-Ethereum bridge via Wormhole and Jupiter as the swap aggregator. Transfers were executed in systematic batches of 1,000 to 4,000 SOL tokens, signaling a well-planned attack. Eventually, the stolen funds were converted to Ethereum and pooled into a single wallet holding approximately 4,443 ETH (worth about $15.7 million). Another wallet on the Solana network remains dormant, containing 155,830 SOL (around $27.6 million).
Despite the scale of the breach, CoinDCX confirmed it had contained the incident by isolating the affected operational account. The company assured users that all trading services remain active and customer portfolios are secure. It emphasized that its internal reserves will cover the entire loss and reiterated that user wallets are stored separately in multi-layered cold storage systems, unaffected by the breach.
CoinDCX is currently conducting a detailed forensic investigation with the help of two international cybersecurity firms. The company has also notified the Indian Computer Emergency Response Team (CERT-In) for further action.
This breach adds to the growing list of cyberattacks in the crypto sector. Last year, rival exchange WazirX was hit by a massive hack in which over $230 million was stolen from user wallets. Globally, the crypto industry has lost billions in similar incidents, with 2022 being the worst year on record, witnessing thefts amounting to $3.8 billion. High-profile hacks have included the $625 million Ronin Network breach in March 2022 and the $570 million Binance exploit in October 2022.
While CoinDCX has taken immediate steps to address the current breach, the incident underscores ongoing vulnerabilities in crypto infrastructure and the need for tighter digital security across the sector.
