Ethereum News Today: CoinDCX Loses $44 Million in Security Breach, Funds Laundered Across Chains

Generated by AI AgentCoin World
Saturday, Jul 19, 2025 5:51 pm ET1min read
Aime RobotAime Summary

- Indian exchange CoinDCX suffered a $44M theft via a compromised internal liquidity wallet, confirmed by CEO Sumit Gupta.

- Funds were laundered through cross-chain transfers and Tornado Cash, bypassing proof-of-reserve transparency protocols.

- Gupta assured user funds remain secure in cold storage while experts urge real-time monitoring to prevent future breaches.

- The incident highlights systemic CEX vulnerabilities, joining recent hacks at Bybit and WazirX in exposing operational risks.

- CoinDCX absorbed losses internally, emphasizing transparency as blockchain researchers trace sophisticated laundering patterns.

On Friday, the Indian cryptocurrency exchange CoinDCX experienced a significant security breach, resulting in the compromise of an internal account and the theft of approximately $44 million in USDC and USDT. The breach was detected by blockchain trackers and security firms, who flagged suspicious withdrawals from CoinDCX’s hot wallet. The funds were quickly routed through multiple wallets, complicating the tracing process.

CoinDCX’s CEO, Sumit Gupta, confirmed the incident, clarifying that the breach involved an internal wallet used for liquidity provisioning on a partner exchange, not a user-facing wallet. He assured users that their funds remain safe in cold storage. The platform has since frozen the affected internal systems and is working with security experts to contain the incident and investigate the server breach that led to the compromise.

The compromised wallet was not part of CoinDCX’s published proof-of-reserve reports, requiring manual attribution. The flow of assets suggests a coordinated cross-chain laundering strategy, with the attacker address receiving 1 ETH via Tornado Cash and then bridging funds from Solana to Ethereum. This breach is part of a recent wave of exchange breaches, serving as a stark reminder of the systemic weaknesses in centralized platforms.

Exchanges are urged to rethink their security posture and move beyond reactive defenses, implementing real-time wallet monitoring and preemptive solutions to ensure platform security. The incident highlights the ongoing vulnerability of centralized exchanges to sophisticated access control attacks. The CoinDCX hack resulted in a $44 million loss, primarily affecting operational liquidity rather than customer funds. ZachXBT, a blockchain researcher, identified the breach. Meir Dolev, Cyvers CTO, advocated for improved security protocols.

Operational losses incurred from a wallet compromised with 1 ETH from Tornado Cash. Funds were laundered through cross-chain movements. CEO Sumit Gupta reassured the community about transparency, confirming customer assets were unaffected. CoinDCX absorbed the financial impact internally, ensuring customer holdings remain intact. "Hi everyone, At CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly." Sumit Gupta, CEO, CoinDCX

Industry experts highlight the systemic weaknesses in CEX security, urging better real-time monitoring and preemptive defense systems. Current patterns indicate 65% of Web3 losses stem from centralized exchanges. Past incidents include hacks at Bybit and WazirX. The CoinDCX hack underscores the need for better industry practices and regulations. Blockchain investigator ZachXBT's efforts to trace on-chain data demonstrate the sophisticated strategies used for laundering hacked funds, signaling the high risk for CEX operations. Security enhancements are imperative.

Comments



Add a public comment...
No comments

No comments yet