Coindcx, one of the greatest exchanges of India cryptocurrency, has undergone a major security violation, which destroyed nearly $ 44 million (approximately Rs 378 crores) of the platform, even if the company said that customer funds are not affected and safe.
Although the company has declared that it will fully cover the exposure from its own reserves, the incident highlights security problems in the world of very volatile cryptocurrency, and follows one of the largest security violations of a similar exchange, Wazirx, last year, where the hackers stole $ 230 million in assets.
What caused the violation at Coindcx?
According to an incident report published by Coindcx on Sunday, July 19, one of its internal operational accounts, used only for liquidity supply on an exchange of partners, was compromised due to a “sophisticated server violation”.
The immediate preliminary survey on violation has shown unauthorized access to the Coindcx account on one of its partners’ exchanges. “The striker has accessed the account used for operational liquidity supply by penetrating our liquidity infrastructure,” said the report.
The profits (~ 44 million dollars) were sent through several hops and finally landed on 2 wallets, said Coindcx. The attacker mainly used the Solana-Ethereum bridge via the green hole and Jupiter as a swap aggregator. The funds were moved by batches of 1,000 to 4,000 soil, indicating a “systematic and deliberate behavior”, according to the report.
All the active has finally been reduced to Ethereum and consolidated in a single ETH portfolio, which currently holds around 4,443 ETH (~ 15.7 million dollars). Currently, the original Solana portfolio still contains $ 155,830 ($ 27.6 million) in dormant active ingredients.
The company said that it was carrying out a detailed medico-legal survey on the incident with two security agencies renowned worldwide, and it also alerted the Indian IT emergency team (CERT-IN).
The story continues below this announcement
What will happen to user funds on Coindcx?
The company said it quickly contained the incident by isolating the affected operational account. “Since our operational accounts are separated from the client’s portfolios, exposure is only limited to this specific account and is entirely absorbed by us-from our own cash reserves,” he said.
He added that all the assets of all customers remain secure and fully accessible. Coindcx said that customer assets are kept in separate cold wallets, protected by multilayer and offline security checks.
“Our operational accounts are structurally separated from the client’s portfolios, by design. Coindcx maintains a robust reserve system to absorb these incidents and this reserve is used to fully cover the loss,” he added.
He added that his services remained entirely operational. “Commercial activity, INR deposits and INR withdrawals continue. INR withdrawals below RS 5 Lakhs will reflect in your account within 5 hours, while withdrawals greater than RS 5 Lakh will be treated within 72 hours.
The story continues below this announcement
What were some of the greatest crypto violations?
Last year, Wazirx, one of the country’s main cryptocurrency companies, underwent one of the largest cyberattacks in an Indian exchange after pirates stole more than $ 230 million from user assets, which was almost half of the platform reserves.
2022 was the biggest year for cryptographic hacks. According to the blockchain data platform chain, more than $ 3.8 billion in cryptocurrency were stolen from users in 2022. In 2023, the number fell to around 1.7 billion dollars.
The greatest crypto hacking has been held until now in March 2022 when hackers attacked the Ronnin network. They stole approximately $ 625 million from Ethereum and the Stablecoin USDC. In August 2021, a pirate exploited vulnerability in the Poly Network system, stealing more than $ 600 million in funds, but did not surprise the whole amount and mostly returned most. In October 2022, the Binance Crypto Exchange underwent a major security violation, resulting in an equivalent loss of $ 570 million.
