CoinDCX Suffers $44.2M Hack, Criticism for Delayed Disclosure

July 19, 2025 : CoinDCX, one of India’s top crypto exchanges, confirmed a major hack involving $44.2 million. The incident targeted an internal operational wallet and was initially brought to light by on-chain investigator ZachXBT. According to his analysis, the exploit began with just 1 ETH routed through Tornado Cash, a privacy tool, before stolen assets were bridged from Solana to Ethereum.

CoinDCX CEO Sumit Gupta confirmed the hack hours after ZachXBT’s findings went public. He assured users that no customer funds were affected, as the compromised wallet was used solely for liquidity provisioning and was segregated from user wallets.

Timeline of the CoinDCX Hack

ZachXBT and blockchain security firm Cyvers Alerts flagged the breach. The wallet involved had not been included in CoinDCX’s proof-of-reserve reports, making it difficult to identify without extensive blockchain analysis. Gupta attributed the breach to a sophisticated server compromise and clarified that the stolen funds will be covered by CoinDCX’s treasury reserves.

However, the community reacted strongly to the 17-hour delay in public disclosure. Critics raised questions about transparency, especially since the wallet was not publicly tagged. ZachXBT noted that shortly after the hack was acknowledged, users were encouraged to praise Gupta’s response, further intensifying skepticism online.

Impact and What’s Next

Trading and INR withdrawals remain fully functional, and CoinDCX has frozen affected systems to prevent further loss. The exchange is collaborating with cybersecurity firms and a partner platform to trace and recover funds. Gupta also announced the launch of a bug bounty program to proactively address vulnerabilities going forward.

This breach comes nearly a year after WazirX suffered a $235 million exploit, highlighting the ongoing vulnerability of India’s crypto infrastructure. As India’s crypto adoption grows, so does its appeal to cyber attackers. Analysts warn that exchanges must bolster internal security and respond swiftly to maintain user trust.

CoinDCX now faces the dual challenge of recovering assets and rebuilding credibility in a market where transparency is non-negotiable.