CoinDCX Didn’t Announce Its $44M Hack; An Outsider Had To
In another major blow to India’s homegrown crypto exchange industry, CoinDCX has been hit by a sophisticated exploit that drained approximately $44.2 million from an internal hot wallet. The incident, reminiscent of the security challenges faced by rival WazirX, went undisclosed publicly for nearly 17 hours.
The breach was ultimately exposed not by the company, but by independent , raising serious questions about transparency and incident handling at one of the country’s largest exchanges.
ZachXBT revealed that the attacker’s trail began with just 1 ETH from the mixing service Tornado Cash. From there, the hacker used bridges to move stolen assets from Solana to Ethereum.
The targeted wallet was not listed in CoinDCX’s published proof-of-reserves and had no public tag, making the breach difficult for the public to detect. ZachXBT noted he had to manually trace transactions to connect the untagged wallet back to CoinDCX.
Following ZachXBT’s public disclosure, CoinDCX CEO Sumit Gupta issued a statement on social media.
He admitted that an internal account used for providing liquidity on a partner exchange had been breached due to a “sophisticated server attack.”
Gupta was quick to reassure users that no customer funds were affected and that all losses would be covered by the company’s treasury. He stated that the affected wallet was isolated and that all trading and withdrawal services remain fully operational.
has promised to launch a bug bounty program to uncover additional vulnerabilities and enhance platform defenses. Moreover, the team is with the unnamed partner exchange to trace the flow of funds and identify any overlooked risks.
This incident serves as a wake-up call for the broader crypto industry. Transparency, rapid communication, and airtight infrastructure are no longer optional. They are critical to maintaining trust. While no customer assets were harmed, the delay in disclosure raises important questions about accountability in times of crisis.
