CoinDCX’s $44.2M Breach via Cross-Chain Bridges Linked to Operational Wallet Compromise

Generated by AI Agent Coin World
Monday, Jul 28, 2025 2:07 am ET
Aime Summary

- CoinDCX, India’s second-largest crypto exchange, confirmed a $44.2M breach via cross-chain bridges on July 19, 2025, involving 4,443 ETH and 155,830 SOL.

- The attack exploited an operational wallet linked to a third-party platform, echoing the 2024 WazirX hack and raising concerns about systemic security flaws.

- CoinDCX isolated the compromised wallet, notified CERT-In, and launched a 25% bounty for recovered funds, contrasting WazirX’s opaque response.

- The incident highlights India’s crypto regulatory gaps and intensifies scrutiny amid global crackdowns, with smaller exchanges accelerating audits and insurance reviews.

CoinDCX, India’s second-largest cryptocurrency exchange, confirmed a $44.2 million (₹368 crore) breach from its corporate treasury on July 19, 2025, marking one of the most significant security incidents in the country’s crypto space this year. The compromised funds were reportedly transferred via cross-chain bridges between and , consolidating into 4,443 ETH (approx. ₹130 crore) and 155,830 SOL (approx. ₹238 crore). While customer assets remained untouched, the incident has reignited concerns about operational vulnerabilities and parallels with the 2024 WazirX hack, which saw $230 million stolen under eerily similar circumstances [1].

The breach originated from unauthorized access to an internal operational wallet used for liquidity provisioning on a third-party partner platform. CoinDCX’s CEO, Sumit Gupta, emphasized that the attack highlighted the need for systemic upgrades in infrastructure security. The company responded swiftly by isolating the compromised wallet, notifying India’s cybersecurity agency CERT-In, and engaging blockchain security firms to track the stolen assets. It also launched a recovery bounty program, offering up to 25% of any recovered funds to ethical hackers or researchers. By July 21, the platform had rolled out measures to stabilize server performance after temporary outages linked to user withdrawal attempts [1].

The incident has drawn comparisons to WazirX’s 2024 breach, particularly in timing and pre-hack patterns. Both attacks occurred around the same time of year, with users reporting withdrawal delays and regulatory-related restrictions in the weeks prior. Suspicion has fallen on the Lazarus Group, a North Korea-backed hacking collective linked to high-profile crypto exploits. An anonymous source with knowledge of the situation suggested CoinDCX’s pre-hack actions, such as delisting over 100 margin trading pairs and disabling support emails, mirrored tactics seen at WazirX. The source claimed these moves could have been part of a broader strategy to manipulate user assets, including forced exits into at unfavorable rates, to offset potential losses [1].

CoinDCX’s handling of the crisis has contrasted with WazirX’s opaque response. The exchange absorbed the entire loss from its corporate treasury, ensuring no user reimbursements or service interruptions. Its proactive transparency, including a detailed timeline of the breach and recovery efforts, has garnered cautious praise from industry observers. However, the incident underscores persistent gaps in cross-chain liquidity provisioning and operational wallet security. Analysts note that India’s lack of a comprehensive crypto regulatory framework complicates broader systemic reforms, despite CERT-In’s involvement [1].

The breach is likely to intensify regulatory scrutiny, especially as exchanges navigate a crypto winter marked by tighter tax laws and global crackdowns. CoinDCX, which processed $492 million in spot trading volume in May 2025 alone, has signaled a commitment to rebuilding stronger infrastructure. Smaller Indian exchanges are reportedly accelerating internal audits and reviewing insurance policies, many of which exclude coverage for internal wallet breaches [1].

While the stolen funds remain dormant on-chain, the focus now shifts to whether perpetrators will be identified, how effectively the assets can be frozen, and what long-term security measures will emerge. The incident serves as a stark reminder of the evolving sophistication of cyberattacks and the urgent need for robust risk management in the crypto sector.

Source: [1] Inside CoinDCX’s $44M Breach: What Really Happened and Why It Feels Too Familiar. https://coinmarketcap.com/community/articles/68870e5673c5052668338fc1/