CoinDCX Hacked Update: Internal Breach, No Customer Loss

CoinDCX Hacked Confirms $44M loss, Assures User Funds Are Safe

CoinDCX Hacked: First Update After $44M Breach

Sumit Gupta, Co-founder of CoinDCX, on behalf of the company, released the first official update following the July 19 CoinDCX Hacked server breach, stating that all customer funds are 100% safe and stored in guarded cold wallets. The whole $44M loss is fully covered by the Company's reserves as the attack affected only one internal account of the firm. 

Source: X

The released report also mentioned that trading and withdrawals are not under this and operations continue as usual. Users are still concerned about their savings regarding delayed deposits, inaccurate balances, and app glitches.

Internal Account Compromised, Not Customer Wallets

In a report, regarding CoinDCX Hacked case, it is stated that hackers targeted a non customer account that is of firm’s liquidity operations. The reason for the  compromise was “sophisticated server breach” as the team described with the assurance that public funds are stored in offline and separate wallets, which are in no link with operational accounts.

Hacker Moved Funds via Solana and Ethereum

The thieves first stole money in Solana (SOL), taking around 155,830 SOL, or $27.6 million, in one source wallet. The money was then broken up into smaller transactions, converted to Wrapped Ethereum (WETH) through the Solana-based Jupiter aggregator, and then bridged to Ethereum using Wormhole.

Source: Official Page

CoinDCX Hacked assets ended up in two Ethereum wallets, and approximately 4,443 ETH (~$15.7 million) has been accumulated. The addresses of these wallets are available publicly on Arkham Intelligence, although registration is required to see full on-chain information.

Services Continue Without Disruption

In spite of the breach, organisation claims to be fully operational, All activities of trading, INR deposits and withdrawals are continued without restrictions.  

Users can withdraw amounts with some settled regulations like under ₹5 lakhs within 5 hours, and above ₹5 lakhs within 72 hours.

CEO Sumit Gupta reassures users through his social media handle to not panic and believe rumoured statements, take updates from the official page.  

Ongoing Investigation & Recovery Efforts

The team is currently working with global cybersecurity firms, blockchain experts, and legal authorities. The company has also reported the incident to the CERT-In, India’s official cybersecurity group. In a push for transparency, CoinDCX plans to unveil public forensic data and a “Recovery Bounty Program” 

But at the same time users are upset with the late CoinDCX Hacked confirmation , almost when it goes public. They expected the team to make it clear on an early basis by in-platforms sources.  

Source: X

Final Word

"CoinDCX Hacked" incident is another reminder of the evolving cyber threats in the crypto ecosystem. While there is no public loss reported, it still raises questions on the need of enhanced infrastructures, segregation of funds, and the threat generated from third party suppliers’ loopholes, a general pattern in most of the previous cases.