CoinDCX Loses $44.2 Million in Server Attack

Generated by AI AgentCoin World
Sunday, Jul 20, 2025 3:41 pm ET1min read
Aime RobotAime Summary

- Indian crypto exchange CoinDCX suffered a $44.2M server breach via Tornado Cash, obscuring stolen Solana-to-Ethereum stablecoin transfers.

- CEO Sumit Gupta confirmed the attack targeted internal accounts, not user funds, with trading continuing and no customer assets at risk.

- CoinDCX pledged to absorb losses, launched a bug bounty program, and collaborated with exchanges to trace funds after temporary server access issues.

- Regulators raised concerns over Tornado Cash use, contrasting CoinDCX's full-loss absorption with WazirX's partial compensation after a $230M 2024 breach.

CoinDCX, one of India’s largest cryptocurrency exchanges, has recently fallen victim to a significant security breach, resulting in a loss of approximately $44.2 million. The incident was first brought to light by Cyvers, a cybersecurity firm that monitors blockchain transactions, rather than an immediate announcement from the exchange itself. The breach involved a sophisticated server attack, where the hacker utilized Tornado Cash to obscure their tracks and transferred the stolen stablecoins from the Solana blockchain to Ethereum, complicating the tracing of the stolen funds.

Sumit Gupta, the CEO of CoinDCX, confirmed the incident on social media, emphasizing that the breach affected an internal operational account and not the wallets holding customer assets. He assured users that their funds remain secure and that trading and withdrawals are continuing as usual. The company, along with external experts, is working diligently to investigate the incident, seal security vulnerabilities, and trace the path of the lost money. CoinDCX is also collaborating with other exchanges to intercept any further attempts by the hacker to transfer the stolen funds. Additionally, Gupta announced the upcoming introduction of a bug bounty program, offering compensation to ethical hackers who help identify system vulnerabilities.

Despite these assurances, some CoinDCX users reported difficulties accessing their portfolios immediately after the breach was confirmed. The co-founder, Neeraj Khandelwal, attributed this to a sudden surge in server traffic and assured that the team had increased server capacity to support additional users and prevent further disruptions. The hacker's use of Tornado Cash, a mixing service often employed by criminals to conceal illicit funds, has raised concerns among regulators, some of whom have prohibited its use.

This incident is not the first time an Indian cryptocurrency exchange has suffered a substantial loss. Last year, another major exchange, WazirX, lost approximately $230 million in a cyberattack. Unlike CoinDCX, WazirX suspended withdrawals and deposits and offered partial compensation, a move that was widely criticized by users. In contrast, CoinDCX has vowed to absorb the entire loss, ensuring that users will not bear any financial burden. Established in 2018, CoinDCX has grown to serve over 16 million users and processed nearly half a billion dollars in spot trades in May 2025, primarily in Bitcoin and Ethereum.

Gupta reiterated that trading and withdrawals are proceeding smoothly and that the security teams, with the assistance of leading cybersecurity specialists, are working around the clock to address the vulnerabilities in their system. This proactive approach aims to restore user confidence and prevent future security breaches. The exchange's commitment to absorbing the loss and enhancing its security measures underscores its dedication to protecting user assets and maintaining the integrity of its platform.

Comments



Add a public comment...
No comments

No comments yet