Indian cryptocurrency exchange CoinDCX suffered a major security breach on Friday, July 18, leading to the theft of $44.2 million.
The hack, which falls on the anniversary of the massive WazirX hack, was blamed by the firm as a “sophisticated server breach.”
Latest reports suggest a malware attack was behind the breach.
The breach was first reported by ZachXBT 17 hours after the hack began.
“The attacker address was funded with 1 ETH from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum,” ZachXBT wrote to his followers.
Just ten minutes after publishing the post, CoinDCX CEO Sumit Gupta took to X, stating the hack was the result of a “sophisticated server breach.”
The hack compromised an operational account “used only for liquidity provisioning on a partner exchange,” Gupta said.
Gupta assured users that the hack did not impact any customer wallets and no customer funds had been compromised.
“The incident was quickly contained by isolating the affected operational account,” he added.
ZachXBT shared the update on Telegram, adding that a CoinDCX team member was reportedly asking the community to engage with the co-founder’s post and thank him.
New revelations on from the Bengaluru police have added a twist to the $44 million CoinDCX hack.
According to the latest reports, investigators now believe the breach was facilitated by malware installed on an employee’s office laptop.
The attackers reportedly lured Rahul Agarwal, a long-serving staffer, with offers of freelance work, eventually compromising the system to siphon funds across multiple wallets.
The earlier report from ZachXBT exposed the slow reaction time from CoinDCX to become transparent with the community.
Many on X responded to the CEO’s statement with criticism of the firm, claiming its reaction time contradicted its public stance on transparency.
“Y’all built this exchange on the narrative of ‘being transparent with the community’ yet it took over 18 hours to disclose a hack of more than $44M,” one X user wrote.
“Keeping people in the shadow for 17 hours is your definition of transparency?” Another added.
CoinDCX said it was working with two global cybersecurity agencies and leading blockchain forensics firms to identify the attacker and recover the assets.
The exchange also announced the forthcoming launch of a Recovery Bounty Program, inviting the community to assist in tracing the stolen funds.
The CoinDCX breach comes almost exactly one year after the WazirX hack in July 2024, when attackers made off with almost $300 million by exploiting vulnerabilities in the exchange’s withdrawal infrastructure.
At the time, WazirX faced backlash over a lack of transparency and delayed public disclosure, with parallels now being drawn in the CoinDCX case.
The breach on WazirX occurred during a backend infrastructure upgrade, which temporarily left several safeguards disabled.
By the time the vulnerability was identified, the funds had already been moved through privacy mixers and bridged across chains.
In the WazirX case, users began to speculate online about wallet anomalies and service lags hours before the exchange acknowledged any problem.
The announcement came only after on-chain analysts flagged suspicious outflows, much like how ZachXBT exposed the CoinDCX breach.