According to Cyvers, a hack was detected at the Indian centralized exchange CoinDCX, resulting in the theft of approximately $44.2 million in USDC and USDT from one of its operational wallets on Solana.
Official Confirmation and Initial Exchange Response
The blockchain security firm Cyvers said its system detected a hack into the Indian centralized exchange, CoinDCX. The hacker(s) is thought to have stolen around $44.2 million in USDC and USDT from one of the exchange’s operational wallets on Solana. The hacker funded the attack with 1 ETH from Tornado Cash. Part of the funds ($15.8 million) was moved to Ethereum via a bridge.
The hack was confirmed by online sleuth ZachXBT, who also noted that the affected hot wallet is not publicly tagged or included in current proof of reserves. While the breach was first detected late on July 18, CoinDCX confirmed the incident on July 19 via X, formerly Twitter.
In the social media post, Sumit Gupta, CoinDCX CEO, said that one of the exchange’s internal operational accounts was compromised after a “sophisticated” server breach. Gupta, however, stated that wallets used to store customer assets were not impacted and are “completely safe,” adding that all trading activity and withdrawals remain fully operational. Gupta also outlined steps CoinDCX has taken since confirming the breach.
“Our internal security and operations teams have been working diligently along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds. We are collaborating with other exchange partners to block and recover assets, including launching a bug bounty program soon,” Gupta stated.
Meanwhile, in a statement to Bitcoin.com news, Cyvers CTO Meir Dolev said the latest attack is a stark reminder that centralized platforms remain prime targets for sophisticated access control attacks. It suggested that attacks targeting WazirX, Bybit, and CoinDCX all point to a fundamental problem with the security systems used by centralized exchanges.
“In Q2 2024 alone, over 65% of losses in Web3 originated from CEX-related incidents, with nearly $500 million lost due to wallet access breaches. These are not isolated events; they’re systemic weaknesses. We urge exchanges to rethink their security posture and move beyond reactive defenses,” Dolev said.
