CoinDCX Targeted in Major Crypto Exchange Breach as $44 Million Vanishes
Indian cryptocurrency exchange CoinDCX has confirmed a security breach involving one of its internal wallets, resulting in a loss of approximately $44.2 million. The incident, first flagged by blockchain investigator ZachXBT and security firm Cyvers, marks another high-profile attack targeting centralized exchanges.
While CoinDCX’s co-founder and CEO Sumit Gupta assured the public that customer funds remain untouched, the incident has raised fresh concerns about operational wallet security across centralized platforms.
Tornado Cash Used to Obscure Attack Origins
The attack appears to have followed a sophisticated laundering pattern. According to ZachXBT, the attacker first funded their address with 1 ETH via Tornado Cash—a mixing service often used to obfuscate transaction origins. The funds were then moved across blockchains, with assets bridged from Solana to Ethereum in a series of complex transfers.
On-chain data shows the hacked funds being routed through several wallets and decentralized protocols, making it difficult to trace the final destination. Importantly, the compromised wallet wasn’t included in CoinDCX’s public proof-of-reserve disclosures, suggesting it may have been used for internal liquidity operations rather than direct customer transactions.
Security Experts Warn of Growing Threat to Centralized Exchanges
In a statement, Cyvers CTO Meir Dolev linked the breach to a broader trend affecting the crypto sector. “This hack is part of a recent wave of exchange breaches—including Bybit and WazirX—that highlight systemic weaknesses in access control,” Dolev said.
According to Cyvers, centralized exchanges (CEXs) accounted for more than 65% of all Web3 losses in Q2 2024, totaling nearly $500 million. The firm emphasized that real-time wallet monitoring and preemptive threat mitigation tools must become standard for crypto platforms.
CoinDCX Responds: User Assets Unaffected, Investigation Underway
Shortly after the breach was made public, CoinDCX CEO Sumit Gupta released a statement confirming the compromise. He explained that the affected wallet was linked to a third-party partner exchange and used for managing liquidity—not for storing user funds.
Hi everyone,
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts - used only for liquidity provisioning on a partner exchange - was compromised due to a… pic.twitter.com/L1kZhjKAxQ
“We’ve contained the affected systems and frozen related infrastructure,” Gupta stated. “Our team is working closely with security experts to investigate the breach and strengthen our internal controls.”
The incident was initially detected by Cyvers Alerts, which flagged a series of suspicious outflows from one of CoinDCX’s hot wallets. By the time the breach was confirmed, the stolen funds had already been funneled through multiple addresses.
