India’s second-largest cryptocurrency trade, CoinDCX, confirmed a classy safety breach on July 19, 2025, leading to roughly $44.2 million being stolen from the platform.
This incident marks one other vital cyberattack on India’s crypto infrastructure, coming precisely one yr after the devastating WazirX hack that value buyers $235 million.
Key Takeaways1. CoinDCX misplaced $44.2 million to hackers who breached an inside liquidity account.2. Buyer funds are protected; CoinDCX will cowl all losses from its personal reserves.3. This follows final yr’s $235 million WazirX hack, highlighting India’s crypto safety dangers.
CoinDCX Breach: Operational Funds Stolen
Firstpost reviews that the assault focused CoinDCX’s inside operational account used solely for liquidity provisioning on accomplice exchanges.
Co-founder and CEO Sumit Gupta confirmed that hackers exploited a server-side vulnerability to achieve unauthorized entry to the platform’s infrastructure.
The breach was first recognized by moral hacker ZachXBT via his Telegram channel, although CoinDCX’s official affirmation got here 17 hours later.
Our system has detected a hack into @CoinDCX centralized trade 20 hours in the past.Here is what we all know:– The hacker stole round $44.2M in USDC/USDT from one of many trade’s operational wallets on Solana.– The hacker funded the hack with 1 ETH from Twister Money.– A part of the… pic.twitter.com/5PLliaZ6m4— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 19, 2025
The stolen funds consisted primarily of stablecoins that had been systematically moved from the Solana blockchain to Ethereum.
Safety evaluation revealed that the attacker had pre-funded their pockets with 1 ETH by way of Twister Money, a cryptocurrency mixing service designed to obfuscate transaction trails.
The funds had been subsequently routed via a number of sensible contract interactions earlier than being laundered via decentralized exchanges, making restoration efforts considerably tougher.
The assault demonstrates the inherent vulnerabilities in sizzling pockets infrastructure used for lively buying and selling operations.
In contrast to chilly storage wallets that stay offline, sizzling wallets keep fixed web connectivity for liquidity administration, creating potential assault vectors for stylish hackers.
The breach occurred via a non-public key compromise, permitting attackers to authorize transactions from the affected pockets with out triggering multi-signature safety protocols.
CoinDCX emphasised that buyer funds remained safe in segregated chilly storage programs, protected by {hardware} safety modules (HSMs) and multi-signature authentication.
The trade briefly suspended its Web3 providers and DeFi integrations as a precautionary measure whereas conducting forensic evaluation.
Buying and selling operations resumed inside hours, with enhanced monitoring protocols carried out throughout all API endpoints and transaction validation programs.
This incident highlights important safety gaps in India’s cryptocurrency ecosystem, the place regulatory oversight stays restricted.
The assault sample mirrors earlier crypto trade breaches, notably the methodology utilized by North Korean hacking teams like Lazarus Group, who’ve been linked to over $2 billion in cryptocurrency thefts globally.
CoinDCX has filed an FIR with native authorities and engaged main cybersecurity companies to strengthen their infrastructure.
The trade is implementing further safety layers together with zero-trust structure, enhanced intrusion detection programs, and improved pockets segregation protocols.
Trade specialists suggest necessary insurance coverage protection and standardized safety audits for all cryptocurrency platforms working in India to forestall related incidents and defend investor pursuits.
Enhance detection, cut back alert fatigue, speed up response; all with an interactive sandbox constructed for safety groups -> Attempt ANY.RUN Now
