Indian crypto giant CoinDCX has fallen victim to a major hack—losing $44 million in the process. The breach hit an internal operational account used for liquidity provisioning, not customer wallets. CEO Sumit Gupta confirmed that no user funds were touched and operations remain stable. He stated the loss would be covered from the exchange’s own treasury. The speed of the attack and the stealth behind it point to an increasingly sophisticated crypto crime landscape.

The breach was detected roughly 17 hours after it began, first spotted by on-chain investigator ZachXBT, who traced the attacker’s wallet activity. Within minutes, Gupta acknowledged the situation publicly. His post emphasized that the compromised account was isolated quickly, and customer wallets were never at risk. CoinDCX insists it acted fast, with all trading and INR withdrawals remaining unaffected.

CoinDCX Strengthens Security After Breach

After the breach, CoinDCX launched a full-scale investigation with top cybersecurity firms. The team is now hunting for the root cause and working closely with their partner exchange to freeze or recover the stolen funds. Gupta also revealed plans to introduce a bug bounty program soon, inviting white-hat hackers to find and report vulnerabilities before bad actors do.

Although CoinDCX already had a robust framework in place, the Ethereum-based exploit demonstrated the evolving risk in today’s digital finance world. The attacker received 1 ETH through Tornado Cash, a popular tool for hiding blockchain transactions. The attacker later moved some funds across chains, from Solana to Ethereum, further complicating tracking efforts. These moves suggest this wasn’t the work of amateurs.

CoinDCX aims to upgrade its internal review systems, wallet access control, and real-time monitoring. More transparency may follow, especially since CoinDCX already posts monthly proof-of-reserve reports. While customers weren’t harmed, the company knows it must rebuild trust.

ZachXBT Traces the Ethereum Clues

Blockchain sleuth ZachXBT played a key role in uncovering the exploit. He noticed strange activity when an address tied to Tornado Cash sent exactly 1 ETH to a wallet later linked to the hack. Then, a portion of the stolen crypto crossed bridges, from Solana to Ethereum, to obscure the trail.

This type of movement is often linked to professional groups. Though no official confirmation has been given, the tactics are reminiscent of the Lazarus Group, the infamous North Korean state-sponsored hacker collective. One year ago, WazirX, another Indian exchange, lost over $230 million in an attack traced back to Lazarus. CoinDCX’s breach came almost exactly a year to the day after that earlier hack.

Gupta didn’t directly name the group but acknowledged that the attack was well-planned and highly advanced. Investigators are still analyzing wallet trails and cross-chain movements. The possibility of Lazarus involvement keeps the pressure high on Indian exchanges to beef up security.

CoinDCX’s Reputation on the Line

CoinDCX has spent years building its reputation as a reliable and secure crypto platform. With nearly 20 million users, a $2.15 billion valuation, and a recent acquisition of BitOasis in Dubai, its ambitions are global. But this hack puts a dent in its image—especially after CEO Sumit Gupta once claimed such incidents were “unlikely” on their platform.

The exchange’s tight stance on crypto withdrawals, often criticized by users, may have actually helped contain the damage. Withdrawals are only enabled after rigorous internal checks. That may have limited the hacker’s ability to move funds freely once the exploit began.

CoinDCX also maintains a $7 million protection fund for emergencies, according to its most recent proof-of-reserves report. While this doesn’t cover the full $44 million loss, the company insists that the loss will be absorbed internally, with no user bearing any of it. Now, with the hack public, all eyes are on how CoinDCX will restore trust and enhance defenses.

Lazarus, Ethereum, and the Road Ahead

While the hacker’s identity remains unknown, the mix of Ethereum transactions, Tornado Cash, and cross-chain bridging raises serious red flags. The Lazarus Group has used similar methods before. Until a full attribution is made, speculation will continue—and so will the pressure on exchanges like CoinDCX.

This attack is a wake-up call not just for CoinDCX, but for the entire crypto ecosystem. Decentralized finance platforms and centralized exchanges alike are now prime targets. As bridges between chains evolve, so do hacker tactics. It’s no longer a question of if an exchange will be targeted—but when.

CoinDCX’s next steps will be critical. Their promise to upgrade security and explore bounties is a start. But in the eyes of users and regulators, only time will tell if it’s enough to stay ahead of the next sophisticated breach.