CoinDCX Acknowledges Security Breach After $44M Theft Reported by ZachXBT


Blockchain analyst ZachXBT has reported that cryptocurrency exchange CoinDCX was likely targeted in a major theft resulting in the loss of approximately $44.2 million in digital assets. According to his findings, the incident took place nearly 17 hours before it was publicly acknowledged by the company.

In a series of posts, ZachXBT explained that the attacker’s wallet was initially funded with 1 ETH from Tornado Cash, a tool commonly used to obfuscate transaction origins. The attacker later bridged part of the stolen funds from Solana to Ethereum. He attributed the affected wallets to CoinDCX after analyzing on-chain data and reviewing counterparties, as the hot wallet involved was not publicly labeled or included in CoinDCX’s proof-of-reserves.

The alert was first brought to ZachXBT’s attention by blockchain security firm Cyvers, which flagged unusual withdrawal activity.


CoinDCX Response

CoinDCX CEO Sumit Gupta issued a public statement confirming a security incident involving one of the exchange’s internal operational accounts. He described the breach as a result of a “sophisticated server compromise” and emphasized that no customer funds were affected.

According to Gupta, the affected account was used for liquidity provisioning on a partner exchange and was isolated shortly after the incident was identified. CoinDCX stated that customer assets remain secure in cold wallet storage and that trading and INR withdrawals are fully operational.

The company has not confirmed the $44.2 million loss figure reported by ZachXBT and did not specify the exact amount involved in the breach.


Ongoing Investigation and Mitigation Steps

CoinDCX reported that its security and operations teams are working alongside external cybersecurity firms to investigate the breach and trace the stolen funds. The company also mentioned plans to implement a bug bounty program and said it is coordinating with its exchange partner to block and potentially recover the assets.

Although the company publicly acknowledged the breach after it was flagged by an external investigator, it stated that it chose to go public “in the spirit of transparency”. Internal communication logs show that users were encouraged to support Gupta’s statement online.


Platform Status and Service Disruptions

While the CoinDCX Web3 wallet was temporarily taken offline, all INR-related services and centralized trading remained operational. The exchange cited increased server load as the reason for temporary issues with its portfolio API.

CoinDCX has not commented further on the timeline of the incident or whether law enforcement is involved. The platform has promised ongoing updates as the investigation continues.

Kate Taylor
