CoinDCX $44M Breach: Details and Impact
Indian cryptocurrency exchange CoinDCX confirmed a significant security breach resulting in the loss of approximately $44 million. The attackers exploited a sophisticated server breach to access an internal operational wallet used for liquidity provisioning, but customer wallets remained unaffected. The stolen funds, including 4,443 ETH and 155,830 SOL, were moved via Solana-Ethereum blockchain bridges to obscure their trail.
CoinDCX Breach Timeline and Disclosure Delay
The breach was detected first by blockchain investigators, with sleuth ZachXBT and security firm Cyvers Alerts flagging suspicious transactions about 17 hours before CoinDCX publicly disclosed the incident. During this period, the attacker funded the exploit wallet using 1 ETH from the crypto mixer Tornado Cash and dispersed the stolen assets across multiple blockchains, complicating tracking.
Tornado Cash Connection in CoinDCX Breach
Investigations revealed the attacker made use of Tornado Cash, a privacy-focused crypto mixer, to launder funds. This method, coupled with cross-chain bridging between Solana and Ethereum, demonstrates a sophisticated approach to obfuscate stolen assets. Analysts also noted ties to tactics reminiscent of North Korea’s Lazarus Group, underlining the professional nature of the attack.
CoinDCX Recovery Bounty Program
In response, CoinDCX announced an unprecedented Recovery Bounty Program, offering up to 25% (~$11 million) of recovered funds as a reward. The program invites white-hat hackers, researchers, and partners to help trace, recover stolen assets, and identify perpetrators. The exchange confirmed it would fully absorb the loss using treasury reserves while maintaining that all customer funds remain secure and trading continues normally.
This breach underscores the critical need for improved security and transparency across Indian crypto exchanges, while raising awareness of the risks centralized platforms face despite advanced safeguards.
