Indian cryptocurrency exchange CoinDCX has reportedly suffered a security breach, resulting in the loss of approximately $44 million. The exploit, which occurred on Friday, involved a "sophisticated server breach" that compromised one of CoinDCX's internal accounts used for liquidity provisions with another exchange.

According to on-chain sleuth ZachXBT, the attacker's address was initially funded with 1 Ether (ETH) from Tornado Cash, a cryptocurrency mixer, and subsequently bridged a portion of the stolen funds from the Solana (SOL) blockchain to Ethereum. ZachXBT also noted that the affected CoinDCX hot wallet was not publicly tagged or included in the exchange's current proof of reserves, requiring manual attribution through a review of counterparties.

CoinDCX CEO and co-founder Sumit Gupta addressed the incident in a statement on social media platform X, assuring users that customer funds remained safe and were unaffected by the breach. He explained that the compromised account was isolated swiftly, and since operational accounts are segregated from customer wallets, the exposure was limited to the specific account. The company is absorbing the losses from its own treasury reserves. Gupta added that all trading activities and Indian rupee (INR) withdrawals are operating normally.

Following the incident, CoinDCX has taken steps to address the breach and prevent future occurrences. The exchange is collaborating with cybersecurity experts to investigate the matter, recover the stolen funds, and enhance its security measures. Additionally, CoinDCX plans to launch a bug bounty program to further strengthen its security infrastructure.

The incident has sparked discussions within the cryptocurrency community regarding the security of digital asset exchanges and the importance of robust security measures. Some users have criticized CoinDCX for the delayed response in disclosing the incident, as the official announcement came after on-chain investigators had already brought the issue to light.

This incident serves as a reminder of the persistent cybersecurity threats that cryptocurrency exchanges and investors face. Just a year ago, another major Indian exchange, WazirX, experienced a significant security breach involving $230 million. In light of the WazirX hack, CoinDCX had established a Crypto Investors Protection Fund with nearly $6 million to compensate users in case of security breaches.

The CoinDCX hack highlights the ongoing need for cryptocurrency exchanges to prioritize security and transparency to protect user funds and maintain trust within the ecosystem.