Reported on July 20 that according to ZachXBT, the Indian centralized exchange "CoinDCX" appears to have been stolen, with a loss of approximately $44.2 million. The attacker's address initially received 1 ETH of funds from Tornado Cash, and then bridged part of the stolen funds from Solana to Ethereum. The affected CoinDCX hot wallets are not publicly marked, nor are they included in the current reserve proof, and need to be manually attributed through counterparty analysis.
In response, CoinDCX CEO Sumit Gupta tweeted that one of its internal operating accounts (used only to provide liquidity on partner exchanges) was hacked due to a complex server vulnerability. The CoinDCX wallet used to store customer assets was not affected and is completely safe. It also emphasized that no customer funds were affected, user assets remain absolutely safe in a secure cold wallet infrastructure, and all trading activities and Indian rupee withdrawals are proceeding normally. The official internal security and operations team is working with cybersecurity partners around the clock to investigate the matter, patch any vulnerabilities and track fund flows. CoinDCX is working with exchanges to freeze and recover assets, including an upcoming vulnerability bounty program. [PANews]