Indian crypto exchange CoinDCX was hit by a $44 million exploit on Friday after hackers compromised an internal account used for liquidity provisioning. The breach, which targeted CoinDCX’s operations with another exchange, was contained without impacting customer assets, according to CEO Sumit Gupta.
Gupta clarified that the attack was isolated to a specific operational account, separate from customer wallets. “The incident was quickly contained by isolating the affected operational account,” he stated. “Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us, from our own treasury reserves.”
Blockchain investigator ZachXBT revealed that the attacker’s wallet was initially funded via Tornado Cash with 1 ETH before moving some stolen assets from Solana to Ethereum. The use of Tornado Cash, a known crypto mixer, suggests an attempt to obscure the attacker’s identity and transaction trail.
CoinDCX Launches Bounty Program to Recover Funds
In response to the breach, CoinDCX has launched a white hat recovery initiative. The new bounty program offers ethical hackers up to 25% of any stolen funds they help recover. “More than recovering the stolen funds, what is important for us is to identify and catch the attackers,” Gupta emphasized in a follow-up statement. “Such things shouldn’t happen again—not with us, not with anyone in the industry.”
Despite the severity of the exploit, CoinDCX confirmed that all platform services continue as normal and customer assets remain secure. The exchange is working with blockchain analysts and security teams to track the attackers and fortify its infrastructure against future threats.
