Cryptocurrency exchange platform CoinDCX suffered a major data breach that reportedly wiped out approximately $44 million (approximately Rs 378 crores). Despite the cyberattack that made it possible for a sophisticated data breach, CoinDCX assures that its customers’ funds remain unaffected and safe.
As an assurance to its customers, CoinDCX said that upon discovering the security breach, the company contained the incident by isolating the affected operational account. “Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us – from our own treasury reserves,” said the company’s spokesperson.
The incident, which occurred on July 19, involved unauthorised access to an internal operational account responsible for liquidity provisioning on a partner exchange. CoinDCX’s incident report, released on Sunday, stated that the breach was a “sophisticated server breach” that compromised one of their operational accounts by penetrating their liquidity infrastructure. CpinDCX said that the stolen funds were subsequently moved through various channels, primarily using the Solana-Ethereum bridge via Wormhole and Jupiter as a swap aggregator, before being deposited into two separate wallets.
CoinDCX says users’ funds safe
Despite the considerable financial loss, CoinDCX has reassured its users that all customer funds are secure and unaffected. The company clarified that its operational accounts are separate from customer wallets, thereby limiting the exposure to the compromised account. The company has also committed to covering the entire loss using its own treasury reserves.
“Trading activity, INR deposits and INR withdrawals continue. INR withdrawals below Rs 5 lakhs will reflect in your account within 5 hours, while withdrawals above Rs 5 lakhs will be processed within 72 hours. The incident was isolated and has no impact on your portfolio access or operations,” said the company in a statement.
Investigation is underway
CoinDCX has also confirmed taking immediate action to contain the breach by isolating the affected operational account. A detailed forensic investigation is already underway, assisted by two global security agencies. The Indian Computer Emergency Response Team (Cert-In) has also been notified of the breach.
The CoinDCX breach follows last year’s unfortunate incident involving another Indian exchange firm WazirX, which list approximately $230 million of user holdings.
