India’s largest cryptocurrency exchange, CoinDCX, is back online following a $44 million breach that exposed critical gaps in its internal infrastructure. While no customer funds were affected, the hack has reignited debates around transparency, wallet hygiene, and proof-of-reserve practices in the fast-growing Indian crypto market.
The exploit was first flagged by blockchain sleuth ZachXBT, who traced it to an attacker funded via Tornado Cash, a U.S.-sanctioned crypto mixer. The hacker reportedly bridged the stolen funds from Solana (SOL) to Ethereum (ETH) using anonymized wallets—signaling a well-coordinated operation.
ZachXBT Uncovers the Breach
Independent on-chain investigator ZachXBT publicly identified the suspicious activity 17 hours before CoinDCX disclosed the hack. The attacker’s wallet received 1 ETH from Tornado Cash, then siphoned funds from an untitled CoinDCX hot wallet, which lacked proper labeling and public documentation.
Security firm Cyvers Alerts, based in Tel Aviv, flagged the anomalous withdrawals and attributed the exploit to weaknesses in operational wallet controls.
Customer Funds Were Never At Risk
CoinDCX CEO Sumit Gupta addressed the situation directly:
“No customer funds have been impacted. Your assets remain completely safe and protected in our secure cold wallet infrastructure.”
Gupta emphasized that the hack affected only an internal operational account used to provide liquidity on a third-party exchange—not end-user wallets or deposit addresses. The compromised wallet was immediately isolated, minimizing the damage and risk.
Trading and INR Withdrawals Now Fully Functional
After a temporary halt on withdrawals and trading activities during the investigation, CoinDCX has now restored full platform functionality, including INR withdrawals.
“Trading and INR withdrawals on CoinDCX are fully operational and running smoothly,” Gupta confirmed.
He also urged users not to panic sell, cautioning that “hasty decisions often lead to poor prices and unnecessary losses.”
What’s Next for CoinDCX?
In response to the incident, CoinDCX is taking a multi-pronged approach to bolster platform security:
-
Bug Bounty Program: A new initiative will reward ethical hackers for identifying vulnerabilities.
-
Infrastructure Overhaul: Operational wallet architecture and security policies will be reviewed.
-
Asset Recovery: CoinDCX is working with partner exchanges and on-chain investigators to track and recover the stolen funds.
“Every security incident is a learning, and we will learn from this and further strengthen our platform,” Gupta added.
Bigger Questions for the Industry
The CoinDCX hack comes amid growing scrutiny of hot wallet practices, especially in regions where crypto adoption is rising fast but regulatory clarity remains in flux. As India’s largest exchange, CoinDCX’s transparency and recovery will likely shape how Indian regulators and users evaluate crypto security moving forward.
Stay updated with all crypto developments — TheCoinInfo has you covered.
