BENGALURU: Crypto exchange CoinDCX on Friday said it is investigating a security breach involving one of its internal accounts, after blockchain experts flagged suspicious fund transfers linked to the platform. The company clarified that customer funds remain safe and unaffected.
The breach, which CoinDCX described as “server-side,” involved an operational account used for managing liquidity. While the company has not disclosed the exact amount of funds involved, independent blockchain trackers estimate that around $44 million may have been drained.
The issue came to light after well-known on-chain investigator ZachXBT and security firm Cyvers pointed to unusual activity involving a CoinDCX-linked wallet. They said the wallet sent funds through Tornado Cash, a crypto tool often used to hide transaction trails, and moved the assets to the Ethereum blockchain. These transactions reportedly took place nearly 17 hours before CoinDCX acknowledged the incident publicly.
Sumit Gupta, co-founder and CEO of CoinDCX, said the company quickly isolated the affected account and is working with external cybersecurity firms to investigate what went wrong. “No customer funds have been impacted. Your assets remain completely safe and protected in our secure cold wallet infrastructure,” Gupta said in a post on microblogging site X.
Gupta said that CoinDCX will absorb the loss from its own treasury and that regular trading and INR withdrawals continue to operate as usual. The company is also working with a partner exchange to trace the movement of funds and block further transfers.
A bug bounty programme will be launched to encourage ethical disclosures of vulnerabilities, and updates will be shared in real time as the investigation progresses, Gupta added.
CoinDCX has not yet confirmed the total value of assets lost or disclosed the name of the partner exchange assisting in the probe.
The breach, which CoinDCX described as “server-side,” involved an operational account used for managing liquidity. While the company has not disclosed the exact amount of funds involved, independent blockchain trackers estimate that around $44 million may have been drained.
The issue came to light after well-known on-chain investigator ZachXBT and security firm Cyvers pointed to unusual activity involving a CoinDCX-linked wallet. They said the wallet sent funds through Tornado Cash, a crypto tool often used to hide transaction trails, and moved the assets to the Ethereum blockchain. These transactions reportedly took place nearly 17 hours before CoinDCX acknowledged the incident publicly.
Sumit Gupta, co-founder and CEO of CoinDCX, said the company quickly isolated the affected account and is working with external cybersecurity firms to investigate what went wrong. “No customer funds have been impacted. Your assets remain completely safe and protected in our secure cold wallet infrastructure,” Gupta said in a post on microblogging site X.
Gupta said that CoinDCX will absorb the loss from its own treasury and that regular trading and INR withdrawals continue to operate as usual. The company is also working with a partner exchange to trace the movement of funds and block further transfers.
A bug bounty programme will be launched to encourage ethical disclosures of vulnerabilities, and updates will be shared in real time as the investigation progresses, Gupta added.
CoinDCX has not yet confirmed the total value of assets lost or disclosed the name of the partner exchange assisting in the probe.
You may also like
CAG Report Flags Maharashtra's Rising Off-Budget Borrowings For Debt Repayment
VIDEO: African-British Man Enters Into ISKCON's Pure Veg Restaurant With KFC Meal, Offers Devotees, And Chews Chicken In Front Of Everyone
IND vs ENG 4th Test: Injury-Hit Team India Add Anshul Kamboj To Squad, Arshdeep Ruled Out, Akash Doubtful; Says Report
'Sleeping Prince' Of Saudi Arabia Passes Away After 20 Years In Coma
Usyk KOs Dubois to become undisputed world heavyweight champion for a second time
