CoinDCX, India’s largest cryptocurrency exchange, has experienced a major cyberattack resulting in the loss of approximately $44.2 million in digital assets. This incident raises serious concerns regarding the security of crypto exchanges in the region.
Details of the Attack
The attack on CoinDCX occurred on July 19, targeting an internal operational account used for liquidity provisioning on a partner exchange. Blockchain researcher ZachXBT flagged suspicious activity nearly 17 hours before the company publicly acknowledged the breach. The attacker funded their wallet using Tornado Cash, with stolen funds totaling $44.2 million bridged from Solana to Ethereum.
Response and Recovery Efforts
CoinDCX is collaborating with India’s Computer Emergency Response Team (CERT-In), partner exchanges, and global cybersecurity experts to investigate the breach and trace the stolen funds. The exchange announced it will launch a recovery bounty programme, offering up to 25% of recovered assets to individuals or teams that help retrieve the funds or identify the perpetrators. CEO Sumit Gupta reassured that customer funds remain safe and the company will absorb losses from its treasury reserves.
New Security Measures and Regulatory Pressure
Following the incident, CoinDCX plans to implement multi-signature authentication and shift more assets to cold storage. Given this is the second hacking incident affecting an Indian crypto exchange this year, the occurrence may lead to intensified scrutiny from regulators concerned about security standards in the crypto industry.
The CoinDCX incident reflects the growing vulnerabilities within centralized cryptocurrency exchanges. Despite the company's strong financial resilience, the pressing need for enhanced security standards is increasingly evident.
