Indian exchange CoinDCX lost $44 million in a July 18 hack. Attackers exploited a serious vulnerability in the exchange’s servers to gain access to the company’s internal account.
How the hack happened
Hackers compromised one of CoinDCX’s internal accounts, which was used to provide liquidity when working with another exchange. The attack succeeded after the attackers overcame the company’s server defenses.
CoinDCX CEO and co-founder Sumit Gupta reported the incident on July 19, emphasizing that user funds were not affected.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
The trail of stolen funds
ZachXBT analyst traced the movement of the stolen funds and found that the attacker’s address was funded with 1 Ethereum via a Tornado Cash mixer. Later, some of the stolen assets were transferred from the Solana network to Ethereum.
Movement of the stolen funds. Source: ZachXBT
The incident occurred exactly one year after the hack of another Indian exchange, WazirX, which lost $235 million. An analyst at Infinity Hedge noted this anniversary, recalling the persistent cybersecurity threats in the crypto industry.
A series of recent attacks on exchanges
CoinDCX was not the only victim of hackers in recent weeks. Iranian exchange Nobitex was attacked on June 18, losing $100 million. The pro-Israeli hacking group Gonjeshke Darande claimed responsibility for the hack, citing political motivations for the attack. After stealing the funds, the group also published the source code of the exchange online.
On July 9, hackers attacked GMX V1, a version of the GMX protocol for trading open-ended contracts on the Arbitrum network. The attackers stole $40 million but returned the funds a few days later and received a $5 million reward for disclosing the vulnerability.
On July 15, decentralized finance platform Arcadia Finance was affected by a smart contract exploit, with attackers stealing $3.5 million.
Source:: CoinDCX Suffers $44 Million Hack, Joining Series of Major Crypto Exchange Attacks