Indian Exchange CoinDCX Suffers $44M Hack; CEO Says Customers Funds Safe

Indian cryptocurrency exchange CoinDCX recently experienced a breach in one of its internal accounts, resulting in a loss of $44 million. However, the company reassured its customers that no user funds were affected, and the security of customer assets remains intact.

CoinDCX Breach Linked to Operational Account

CoinDCX CEO Sumit Gupta confirmed that the breach occurred in an internal operational account, which is used exclusively for liquidity provisioning with a partner exchange. According to Gupta, the breach was caused by a sophisticated server attack.

The company responded promptly by putting the affected account in isolation to reduce possible exposure. Gupta stressed that the affected account did not have access to customer wallets in any way thus customer money was never jeopardized. This hack follows this week’s major exploit on crypto trading platform BigONE which lost over $27 million in user funds.

“Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us, from our own treasury reserves,” Gupta said in an X post. This approach ensured that no customer funds were impacted, and all services, including trading and INR withdrawals, continued without interruption.

Investigation and Security Measures

Following the breach, CoinDCX’s internal security team, in collaboration with leading cybersecurity experts, began investigating the incident.

The emphasis is put on discovering its root cause, patching any exploits and tracking the usage of stolen assets. Moreover, the exchange is collaborating with its partner exchange to block and retrieve the drained funds.

CoinDCX has ensured that they will add to their security infrastructure to ensure such happenings never occur in the future. The company is also envisioning initiating a bug bounty program in an attempt to augment its security efforts.

Previous Cybersecurity Incidents in the Crypto Industry

This breach comes almost exactly one year after another major Indian exchange, WazirX, was hacked for $235 million. The recurring nature of these attacks highlights the ongoing cybersecurity challenges faced by the cryptocurrency industry.

ZachXBT notes that the hacker sent 1 Ethereum (ETH) to Tornado Cash. He could also traced the movement of stolen funds to other blockchain networks such as a SOL-ETH bridge. This thorough exploration has given information about the movement and tactics of the hacker and assisted CoinDCX in its attempts to pursue the money further.

However, CoinDCX has not yet disclosed the full details of how the breach occurred. Despite the breach, CoinDCX’s CEO reiterated the safety of user funds. “Your assets remain completely safe and protected in our secure cold wallet infrastructure,” Gupta reassured customers. The company has made it clear that it will absorb the losses from its own reserves, ensuring that there is no financial impact on users.