CoinDCX Suffers $44.2 Million Hack, User Funds Reportedly Unaffected

Indian cryptocurrency exchange CoinDCX has reportedly fallen victim to a hack resulting in losses estimated at $44.2 million. The breach was first flagged by blockchain analyst ZachXBT and security firm Cyvers. CoinDCX’s CEO has since confirmed that the hack involved one of the exchange's internal wallets, while assuring users that customer funds remain secure.

Hack Traced to Tornado Cash and Cross-Chain Transactions

According to ZachXBT, the attacker initially received just 1 ETH via the crypto anonymization tool Tornado Cash. From there, they initiated a series of transfers, moving assets from the Solana network to Ethereum, suggesting a sophisticated cross-chain laundering operation.

On-chain data reveals that the stolen funds were routed through multiple wallets and protocols. Notably, the compromised wallet was not part of CoinDCX’s publicly disclosed proof-of-reserves, making it difficult to trace without manual investigation.

Growing Threats to Centralized Exchanges

In a statement to BeInCrypto, Cyvers noted that this attack is part of a broader trend affecting centralized crypto platforms. Similar breaches have recently impacted exchanges like Bybit and WazirX.

Cyvers’ CTO Meir Dolev emphasized that more than 65% of Web3 losses in Q2 2024 were linked to centralized exchange (CEX) security failures, particularly wallet access breaches. Nearly $500 million has been lost to such .

CoinDCX Confirms Internal Breach, Investigates Further

CoinDCX co-founder and CEO Sumit Gupta confirmed the breach shortly after ZachXBT’s report. He clarified that the affected wallet was used for liquidity operations with a partner exchange and did not involve customer holdings.

The exchange has since frozen the compromised internal systems and launched an investigation into the server-level breach. Security experts have been engaged to analyze the incident and bolster defenses.

Cyvers Alerts was the first to detect suspicious withdrawals from CoinDCX’s hot wallet, noting the rapid movement of funds across multiple wallets—a method designed to obscure tracking efforts.