India’s largest crypto exchange CoindCX confirmed that one of its internal operating accounts was compromised in a recent security breaches, allowing hackers to gain millions of security with crypto.
On Saturday, CoindCX co-founder and CEO Sumit Gupta revealed in a post by X that the internal account was breached during the hack that “it is only used for liquidity provisioning in partner exchanges.” The executive ensured that the incident did not affect client funds and that all customer assets remained safe.
Earlier in the day, Crypto Security Researcher ZachxBT reported that approximately $44.2 million had been emitted from CoindCX’s financial resources due to the incident.
“One (Ethereum) tornado cash was funded at the attacker’s address, and some of the funds that were later stolen were bridged from Solana to Ethereum,” the researcher posted on the Telegram channel.
CoindCX confirmed defy’s losses and said the funds were routed through Solana-Ethereum Bridges and integrated into 4,443 Ethereum and 155,830 Solana. Crypto Exchange also noted that it is working with the Indian Computer Emergency Response Team, CERTIN, and Partner Exchange to investigate the issue.
Registered with the government’s financial information unit, India’s crypto exchange boasts over 16 million users and provides access to over 500 crypto assets.
“The incident was included immediately by separating the affected operational accounts,” Gupta said in the X-Post. “Because our operating accounts are separated from our customer wallets, exposure is limited to this particular account only and is fully absorbed by our own Treasury Department.”
defy Events
San Francisco
|
October 27th-29th, 2025
Gupta noted that the company is working with exchange partners to block and collect assets. “We understand that even if our client assets are not affected, incidents like this can be unsettling,” he said.
The exchange also launched its “recovery prize money” program on Monday, awarding up to 25% of the funds recovered to those who can help track and retrieve stolen codes.
“What’s more important to us than collecting stolen funds is identifying and catching attackers because that shouldn’t happen with us and not with anyone in the industry,” Gupta said.
The news of the violation comes almost a year after losing almost half of its reserves as a massive violation at Indian Crypto Exchange giant Waziruks caused a loss of $230 million. The exchange has ceased trading after loss. However, it remains unclear whether there is a connection between the two incidents.
