Technical reports have revealed that CoinDCX, one of the largest cryptocurrency exchanges in India, suffered a security breach that led to losses estimated at around $44.2 million, according to renowned blockchain investigator ZachXBT.
According to the details, the attacker began by transferring one Ethereum using the privacy protocol Tornado Cash, then moved a portion of the stolen funds from the Solana network to the Ethereum network, making it difficult to trace the transactions.
Following the attack, users on the platform noticed a halt in some trading pairs and the cancellation of instant trading orders, along with a temporary disruption in the Web3 wallet, raising widespread concerns among customers about the fate of their funds and the security of the assets stored on the platform.
Sumit Gupta, the founder and CEO of the platform, quickly reassured users through a post on platform X, confirming that the attack targeted an internal operational account used to provide liquidity to a partner exchange.
He added that the breach was the result of a server compromise and was quickly contained, emphasizing that the affected account is completely isolated from customer wallets and that their funds are safe and stored in cold wallets.
Gupta confirmed that trading and withdrawals of the Indian rupee are continuing normally, noting that CoinDCX will cover the losses from its own resources, and customers will not face any financial damage. He also announced that Web3 services were temporarily halted as a precautionary measure until security updates are completed.
Gupta explained that the platform's team is currently working with cybersecurity experts to recover the funds and enhance internal protection systems. The platform has announced the launch of a bug bounty program to identify security vulnerabilities, fully committing to transparency and keeping users informed of any future developments.
