PANews reported on July 20 that according to ZachXBT, the centralized exchange "CoinDCX" appears to have been hacked, with losses of approximately $44.2 million. The attacker initially obtained 1 ETH from Tornado Cash and then bridged part of the stolen funds from Solana to Ethereum. The affected CoinDCX hot wallet has not been publicly labeled and is not included in the current proof of reserves, requiring manual attribution through counterparty analysis.
In response, CoinDCX CEO Sumit Gupta tweeted that an internal operational account (used only for providing liquidity on partner exchanges) was compromised due to a complex server vulnerability. The CoinDCX wallet used to store customer assets was not affected and remains completely secure. He emphasized that no customer funds were impacted, and user assets remain absolutely safe in secure cold wallet infrastructure, with all trading activities and Indian Rupee withdrawals proceeding normally. The official internal security and operations team is working around the clock with cybersecurity partners to investigate the incident, patch any vulnerabilities, and track fund movements. CoinDCX is collaborating with exchanges to freeze and recover assets, including the upcoming launch of a bug bounty program.
