According to a report by ZachXBT on July 20, the Indian centralized exchange 'CoinDCX' appears to have been hacked, with losses amounting to approximately $44.2 million. The attacker's address initially obtained 1 ETH in funds from Tornado Cash and subsequently bridged some of the stolen funds from Solana to Ethereum. The affected CoinDCX hot wallet was not publicly marked and was not included in the current proof of reserves, requiring manual attribution through counterparty analysis.
In response, CoinDCX CEO Sumit Gupta tweeted that an internal operational account (used solely for providing liquidity on partner exchanges) was compromised due to a complex server vulnerability. The CoinDCX wallet used for storing customer assets was unaffected and is completely secure. He emphasized that no customer funds were impacted, and user assets remain absolutely safe in secure cold wallet infrastructure, with all trading activities and INR withdrawals proceeding normally. The official internal security and operations teams are collaborating around the clock with cybersecurity partners to investigate the matter, patch any vulnerabilities, and track the flow of funds. CoinDCX is working with exchanges to freeze and recover assets, including an upcoming bug bounty program.
