The blockchain security firm Cyvers said its system detected a hack into the Indian centralized exchange, CoinDCX. The hacker(s) is thought to have stolen around $44.2 million in USDC and USDT from one of the exchange’s operational wallets on Solana. The hacker funded the attack with 1 ETH from Tornado Cash. Part of the funds ($15.8 million) was moved to Ethereum via a bridge.
The hack was confirmed by online sleuth ZachXBT, who also noted that the affected hot wallet is not publicly tagged or included in current proof of reserves. While the breach was first detected late on July 18, CoinDCX confirmed the incident on July 19 via X, formerly Twitter.
In the social media post, Sumit Gupta, CoinDCX CEO, said that one of the exchange’s internal operational accounts was compromised after a “sophisticated” server breach. Gupta, however, stated that wallets used to store customer assets were not impacted and are “completely safe,” adding that all trading activity and withdrawals remain fully operational. Gupta also outlined steps CoinDCX has taken since confirming the breach.
“Our internal security and operations teams have been working diligently along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds. We are collaborating with other exchange partners to block and recover assets, including launching a bug bounty program soon,” Gupta stated.
Meanwhile, in a statement to Bitcoin.com news, Cyvers CTO Meir Dolev said the latest attack is a stark reminder that centralized platforms remain prime targets for sophisticated access control attacks. It suggested that attacks targeting WazirX, Bybit, and CoinDCX all point to a fundamental problem with the security systems used by centralized exchanges.
“In Q2 2024 alone, over 65% of losses in Web3 originated from CEX-related incidents, with nearly $500 million lost due to wallet access breaches. These are not isolated events; they’re systemic weaknesses. We urge exchanges to rethink their security posture and move beyond reactive defenses,” Dolev said.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
