Key Takeaways
- The recent CoinDCX hack was publicly revealed by on-chain investigator ZachXBT, nearly 17 hours before the firm made any official statement.
- CoinDCX claims no customer wallets were impacted, as the compromised account was limited to internal liquidity provisioning.
- Users criticized the company’s slow communication and accused it of failing its own transparency standards, mirroring the WazirX hack just one year prior.
Indian cryptocurrency exchange CoinDCX suffered a major security breach on Friday, July 18, leading to the theft of $44.2 million.
The hack, which falls on the anniversary of the massive WazirX hack, was blamed by the firm as a “sophisticated server breach.”
Top Trending Crypto Articles
CoinDCX Hack
The breach was first reported by ZachXBT 17 hours after the hack began.
“The attacker address was funded with 1 ETH from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum,” ZachXBT wrote to his followers.
Just ten minutes after publishing the post, CoinDCX CEO Sumit Gupta took to X, stating the hack was the result of a “sophisticated server breach.”
The hack compromised an operational account “used only for liquidity provisioning on a partner exchange,” Gupta said.
Gupta assured users that the hack did not impact any customer wallets and no customer funds had been compromised.
“The incident was quickly contained by isolating the affected operational account,” he added.
ZachXBT shared the update on Telegram, adding that a CoinDCX team member was reportedly asking the community to engage with the co-founder’s post and thank him.
Community Backlash
The earlier report from ZachXBT exposed the slow reaction time from CoinDCX to become transparent with the community.
Many on X responded to the CEO’s statement with criticism of the firm, claiming its reaction time contradicted its public stance on transparency.
“Y’all built this exchange on the narrative of ‘being transparent with the community’ yet it took over 18 hours to disclose a hack of more than $44M,” one X user wrote.
Another added: “Keeping people in the shadow for 17 hours is your definition of transparency?”
CoinDCX said it was working with two global cybersecurity agencies and leading blockchain forensics firms to identify the attacker and recover the assets.
The exchange also announced the forthcoming launch of a Recovery Bounty Program, inviting the community to assist in tracing the stolen funds.
A Year After the WazirX Hack: Déjà Vu for India’s Crypto Sector
The CoinDCX breach comes almost exactly one year after the WazirX hack in July 2024, when attackers made off with almost $300 million by exploiting vulnerabilities in the exchange’s withdrawal infrastructure.
At the time, WazirX faced backlash over a lack of transparency and delayed public disclosure, with parallels now being drawn in the CoinDCX case.
The breach on WazirX occurred during a backend infrastructure upgrade, which temporarily left several safeguards disabled.
By the time the vulnerability was identified, the funds had already been moved through privacy mixers and bridged across chains.
In the WazirX case, users began to speculate online about wallet anomalies and service lags hours before the exchange acknowledged any problem.
The announcement came only after on-chain analysts flagged suspicious outflows, much like how ZachXBT exposed the CoinDCX breach.
Top Trending Crypto Articles
Was this Article helpful?
#44M #CoinDCX #Hack #Hacker #Received #Tornado #Cash #ETH