ALERT: India’s crypto exchange CoinDCX reportedly lost approximately $44.2 million in a security breach today (July 19, 2025), with no official disclosure beyond limited CEO statements.

Technical details of the incident reveal the attacker began with just 1 ETH sourced from Tornado Cash, a privacy-focused mixer service often used to obfuscate transaction trails, and subsequently moved stolen funds by bridging them from Solana to the Ethereum network. This cross-chain movement complicates forensic tracking, leveraging Tornado Cash’s anonymity features and multi-chain bridging technologies.

The breach targeted an internal operational "hot" wallet used by CoinDCX for liquidity on a partner exchange, not the cold wallets holding customer assets. CoinDCX CEO Sumit Gupta confirmed no customer funds were affected, and the losses are absorbed by the company’s treasury.

CoinDCX responded swiftly by restricting certain trading pairs, canceling spot orders, and suspending the Web3 wallet functionality to contain the damage. Ongoing investigations and collaboration with cybersecurity experts aim to recover stolen funds and enhance security, including the launch of a bug bounty program.

This incident underscores critical vulnerabilities in centralized crypto exchanges’ hot wallet security posture, especially regarding server compromises enabling access to internal operational accounts. The use of privacy mixers and cross-chain bridges in such hacks further complicates attribution and asset recovery efforts.

#CryptoSecurity #CoinDCXHack #TornadoCash #DeFiRisk #BlockchainSecurity #Ethereum #Solana #Cryptocurrency #CryptoExchange #Cybersecurity #BlockchainForensics #CryptoAlert #IndiaCrypto #DigitalAssets #HotWalletBreach