Ethereum News Today: CoinDCX Hacked $44 Million, Customer Funds Safe, Industry Calls for Stronger Safeguards

Generated by AI AgentCoin World
Monday, Jul 21, 2025 10:17 am ET2min read
Aime RobotAime Summary

- CoinDCX confirmed a $44 million hack on July 19, 2025, but assured customer funds remain safe.

- The exchange launched a bounty program offering up to $11 million for tracing stolen assets, reigniting calls for stronger centralized exchange security.

- Attackers used Tornado Cash and cross-chain bridges, mirroring Lazarus Group tactics seen in past breaches like WazirX’s $230 million loss.

- Industry experts urge self-custody solutions and regulatory collaboration to address recurring vulnerabilities in crypto infrastructure.

Indian crypto exchange CoinDCX confirmed a $44 million hack on July 19, 2025, which affected an internal liquidity account. The exchange assured that customer funds remained safe and launched a bounty program offering up to 25 percent of recovered funds, with a potential payout of $11 million to those who assist in tracing the stolen assets. The breach has reignited concerns about centralized exchange security, following last year’s $230 million WazirX hack, and has prompted calls for stronger industry safeguards.

The breach was first flagged by on-chain analyst ZachXBT on Telegram, who noticed suspicious fund movements. The attacker reportedly used 1 ETH from crypto mixer Tornado Cash to initiate the exploit, eventually bridging more than $15 million to

Ethereum
from
Solana
. The targeted account was used solely for liquidity provisioning on a partner exchange and did not impact any customer wallets, according to the exchange. CoinDCX CEO Sumit Gupta confirmed the breach and assured that customer funds were unaffected, stating that the exchange was "fully absorbing" the loss from its treasury reserves.

CoinDCX is now calling on ethical hackers, white-hat researchers, and blockchain sleuths to trace the stolen funds and help bring the attackers to justice. The exchange emphasized that cybercrime is an attack on trust and that protecting what can still be saved is crucial. Blockchain analysis firm Cyvers initially traced the stolen funds to two wallets: $27.7 million in a Solana address, while $15.8 million was bridged to Ethereum. Now, around $43.4 million has been moved to an Ethereum address, according to Cyvers.

This hack is part of a recent wave of exchange breaches, including Bybit and WazirX, which are stark reminders that centralized platforms remain prime targets for sophisticated access control attacks. The attack pattern exhibits notable similarities to past operations attributed to the Lazarus Group, including the use of cross-chain bridges, obfuscation through Tornado Cash, targeting of centralized infrastructure, and a deep understanding of liquidity operations. Deddy Lavid, CEO at Cyvers, highlighted these similarities in a statement.

CoinDCX co-founder Neeraj Khandelwal addressed trading concerns, tweeting that prices are gradually normalizing automatically and that the community is moving in the right direction. The exchange has partnered with cybersecurity firms Sygnia, zeroShadow, and Seal911 for recovery efforts and has reported the incident to India's Computer Emergency Response Team. Industry experts have emphasized the need for stronger security measures in the decentralized digital asset ecosystem, with some calling for self-custody solutions and others suggesting collaboration between regulators and exchanges to enhance safeguards for users and their assets.

The CoinDCX breach occurred almost exactly one year after the July hack that crippled WazirX, then India’s largest crypto exchange, resulting in the loss of approximately $235 million. That exploit forced WazirX into a long and complex legal process, raising concerns across the industry about crisis transparency and user protections. In February, Gupta had criticized WazirX’s handling of the incident, writing that the best way to protect the ecosystem is to learn openly. While a Singapore court initially rejected WazirX’s proposed restructuring plan, that order was set aside earlier this month, granting the exchange another chance to salvage its operations. The court extended the moratorium period by two months, and users will now be invited to re-vote on an amended scheme submitted during the latest hearing.