What is the $44-million CoinDCX crypto theft?
The largest crypto exchange in India, CoinDCX, was the victim of a sophisticated $44.2-million hack on July 19, 2025.
The attackers managed to access an operational wallet and drained it within a few minutes. Fortunately, CoinDCX’s security architecture meant that all customer funds were completely safe.
News of the hack took almost 17 hours to emerge, when blockchain sleuth ZachXBT alerted people to a potential hack via his official Telegram channel.
CoinDCX CEO Sumit Gupta was then quick to respond, releasing a statement on X explaining that one of the exchange’s internal operational accounts used for liquidity had been compromised, and confirming that customer assets were safe.
This latest CoinDCX hack has been linked to North Korea’s infamous Lazarus Group, an aggressive state-sponsored hacking syndicate that targets crypto exchanges.
Many in the crypto community were frustrated by CoinDCX’s slow reporting, especially since the organization claims to maintain a strong public stance on transparency. Community comments included: “You have all built this exchange on the story ‘to be transparent with the community,’ but it took more than 18 hours to disclose the hacking of more than $44 million.”
So how did the attack take place, and why did it take so long to report it?
Did you know? North Korean attackers were responsible for the infamous Bybit hack in February 2025, the largest crypto theft in history, totaling $1.5 billion.
How CoinDCX was hacked
The CoinDCX security breach took place with what was called military precision between July 16 and 19, 2025. Gupta described the incident as a sophisticated server breach, and according to the exchange’s incident report:
“The attacker accessed the account used for operational liquidity supply by entering our liquidity infrastructure.”
ZachXBT, who has exposed some of the largest crypto scams in recent years, also followed the money trail. On his Telegram channel, he explained that “the attacker’s address was funded with 1 ETH from Tornado Cash and later bridged part of the stolen funds from Solana to Ethereum.”
Tornado Cash, a crypto mixer used for laundering, has processed $7 billion since 2019 and was used for the initial funding and supplies for this attack.
On July 16, the attackers carried out a “dry run” with a 1-USDT test transaction, showing how meticulous they were. This shows that it was not an opportunistic attack: the hackers had studied the exchange and its liquidity infrastructure.
The exact attack vector the criminals used is not currently known, but security experts such as Deddy Lavid, CEO of cybersecurity company Cyvers, suggested in their analysis that the vulnerability was due to backend access gained through exposed credentials.
CoinDCX’s internal and operations teams worked with leading cybersecurity experts to investigate the issue, trace the funds and patch any vulnerabilities.
Did you know? Crypto exchange security breaches can cause significant Bitcoin (BTC) price drops, typically 1.5% on news of an attack. In addition, they can have negative effects on the market that persist far beyond the date of the incident.
Tracking the funds from Indian crypto exchange CoinDCX
Once the attackers had drained more than $40 million in USDT from the operational Solana wallet, the funds moved quickly. Within five minutes, the crypto wallet was empty and the funds had started to move through the Jupiter swap aggregator and Wormhole bridge infrastructure.
In the process, the assets were systematically bridged from Solana to Ethereum in chunks of 1,000 to 4,000 Solana (SOL).
The cryptocurrency was routed through several hops and finally landed in two wallets:
- A Solana wallet holding around 155,830 SOL (approximately $27.6 million), which remains dormant.
- An Ethereum wallet containing approximately 4,443 ETH (approximately $15.7 million), where a large part of the stolen value has been consolidated.
Interestingly, it is believed that detection of the hack was delayed because the attackers exploited legitimate operational privileges. They could carry out large-scale fund movements without triggering security alarms.
Lavid also added: “Although the compromised account is separated from user wallets, its operational privileges were sufficient to execute large-scale fund movements without triggering immediate alarms.”
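The gap described above, where a privileged operational account moves funds without raising alarms, is what destination and velocity rules on hot-wallet outflows are meant to close. The following is an added example, not code from CoinDCX or the original article; the wallet labels, times of day, amounts other than the 1-USDT test, and all thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample outflows from a hypothetical operational hot wallet:
# (time, destination, amount in USDT). Only the dates and the 1-USDT test
# transfer follow the article; everything else is illustrative.
TRANSFERS = [
    ("2025-07-14T09:00:00", "market_maker_A", 250_000),
    ("2025-07-15T09:05:00", "market_maker_A", 300_000),
    ("2025-07-16T03:12:00", "unknown_dest_X", 1),          # probe-sized transfer
    ("2025-07-17T09:01:00", "market_maker_A", 280_000),
    ("2025-07-19T02:40:00", "unknown_dest_X", 20_000_000),
    ("2025-07-19T02:43:00", "unknown_dest_X", 24_000_000),
]
ALLOWLIST = {"market_maker_A"}   # assumed pre-approved counterparties
PROBE_MAX = 10                   # assumed ceiling for a "test" transfer
WINDOW = timedelta(minutes=5)    # rolling window for the velocity rule
WINDOW_LIMIT = 1_000_000         # assumed maximum outflow per window


def detect(transfers, allowlist=ALLOWLIST):
    """Return (timestamp, rule, detail) alerts for a list of outflows."""
    alerts, probes, recent = [], {}, []
    for ts, dest, amount in sorted(transfers):
        t = datetime.fromisoformat(ts)
        if dest not in allowlist:
            if amount <= PROBE_MAX:
                probes[dest] = t  # remember the dry run for later correlation
                alerts.append((ts, "PROBE_TO_NEW_DEST", dest))
            elif dest in probes:
                alerts.append((ts, "LARGE_AFTER_PROBE", dest))
            else:
                alerts.append((ts, "LARGE_TO_NEW_DEST", dest))
        # The velocity rule applies to every outflow, including transfers
        # made with legitimate privileges to allowlisted destinations.
        recent = [(rt, a) for rt, a in recent if t - rt <= WINDOW] + [(t, amount)]
        total = sum(a for _, a in recent)
        if total > WINDOW_LIMIT:
            alerts.append((ts, "VELOCITY_EXCEEDED", total))
    return alerts


if __name__ == "__main__":
    for alert in detect(TRANSFERS):
        print(alert)
```

In this constructed timeline the probe alert fires on July 16, three days before the drain, which is the window in which an unrecognized destination could have been reviewed or blocked.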
Did you know? Fund recovery rates after a hack are miserably low. Only $187 million out of the $2.5 billion stolen in the first half of 2025 was successfully returned. This represents less than 8%.
CoinDCX’s response to the hack
On July 21, 2025, CoinDCX announced a bounty program offering up to 25% of the funds recovered. The reward, depending on the success of the recovery efforts, could total up to $11 million.
Gupta explained that the bounty aims to encourage researchers, blockchain investigators and white hat hackers to help trace and recover the stolen assets.
“More than the recovery of stolen assets, what is important for us is to identify and catch the attackers because such things should not happen again, not with us, not with anyone in the industry,” he said.
Gupta has also repeatedly reiterated that no customer funds were touched and that these assets are completely safe in cold storage infrastructure. He also explained on X that CoinDCX remains “financially strong, fully operational and firmly committed” to building for the long term. It’s business as usual.
The broader impact on crypto exchange security
Every week, it seems a new wave of crypto crime emerges. 2025 has been a devastating year for crypto security.
An estimated $2.17 billion was stolen from cryptocurrency services in the first half of 2025. This exceeds all the losses of 2024 combined. Experts put the average loss per incident at $7.18 million, making it one of the worst years ever recorded.
A dominant actor behind these threats is North Korea’s Lazarus Group. It was linked to more than $1.6 billion in the first half of 2025 alone. The group uses sophisticated tactics based on cross-chain bridges, infrastructure knowledge, crypto mixers and the targeting of centralized exchanges.
This highlights the importance of exchanges operating with an appropriate security architecture that limits the damage caused by breaches. In the case of CoinDCX, its separate wallet system, strong CoinDCX cash reserves and customer cold storage protected the company from devastation.
The CoinDCX hack really highlights the need for solid security at crypto exchanges. It’s a cautionary tale, that’s for sure. It shows how relentless North Korean groups can be. At the same time, CoinDCX managed to keep all customer funds safe by using separate wallet systems. This sets an example for other exchanges in the industry to learn from.
Crypto theft has not slowed down in 2025, so it is difficult not to worry. Exchanges should not focus solely on stopping breaches; they must configure their systems so that, if something goes wrong, the damage remains contained and does not affect customer assets.