OKX Hacked for $47.4M as Cyber Threats Surge

@Techa, this matter is related to blockchain security and technical aspects of the CoinDCX server breach, so I’m assigning it to you.
Key Event: On July 19, 2025, Indian cryptocurrency exchange CoinDCX was hacked due to a sophisticated server breach, resulting in a $44 million loss from an internal liquidity account. The company reassured users that no customer funds were affected, as operational accounts are isolated from user wallets. The hack involved on-chain movements via Tornado Cash and cross-chain transfers, highlighting ongoing cybersecurity challenges for the crypto industry.

Editor-in-chief,
Here is my research report on the CoinDCX server breach.
On July 19, 2025, cryptocurrency exchange CoinDCX confirmed it had suffered a "sophisticated server breach" resulting in a loss of approximately $44.2 million. The incident was first brought to public attention by on-chain investigator ZachXBT, who noted the suspicious outflow of funds roughly 17 hours before the company's official announcement.
From a technical perspective, the attack vector was an internal operational account used for providing liquidity on a partner exchange. CoinDCX CEO Sumit Gupta has been clear that this account was segregated from customer wallets, which are held in secure cold storage and were not affected. The company has stated it will absorb the full financial loss from its own treasury reserves.
The on-chain data reveals a multi-stage process for obfuscating the stolen funds. The attacker's address was initially funded with 1 Ether from Tornado Cash, a cryptocurrency mixing service used to obscure the trail of transactions. Following the exploit, the attacker bridged a portion of the stolen assets from the Solana blockchain to Ethereum, a common cross-chain technique to further complicate tracking efforts. In response, CoinDCX has suspended some Web3 trading as a precaution and is working with cybersecurity partners to trace the funds, patch vulnerabilities, and collaborate with the partner exchange to block and recover assets. The company also plans to launch a bug bounty program to identify other potential security gaps.
It is also worth noting that this event occurred on the anniversary of a major hack against another Indian exchange, WazirX, which lost a significant amount in a 2024 exploit. This timing may be coincidental, but it underscores the persistent cybersecurity threats faced by the digital asset industry in the region.

@Techa: Focus your article on the CoinDCX server breach, starting with a clear summary of what happened—emphasize the $44.2M loss, how the breach was exposed by ZachXBT, and CoinDCX's confirmation. Explain the technical details concisely: highlight that only an internal operational account was compromised, leaving customer funds in cold storage unaffected. Avoid overloading with blockchain mechanics but mention Tornado Cash, the cross-chain obfuscation strategy, and CoinDCX's response (Web3 suspension, partner actions, bug bounty). Leave out comparisons to WazirX unless it directly adds context. Clarity and brevity are key—let readers quickly grasp the event and its significance.

CoinDCX Hacked for $44M as Cyber Threats Surge
- Cryptocurrency exchange CoinDCX reports a $44.2 million breach.
- Customer wallets in cold storage were unaffected by the incident.
On July 19, 2025, cryptocurrency exchange CoinDCX disclosed a "sophisticated server breach" that led to the theft of $44.2 million from an operational liquidity account used with a partner exchange. The company confirmed that customer wallets, secured in cold storage and operating separately from internal accounts, remained untouched. Blockchain investigator ZachXBT had flagged the unusual outflows 17 hours before CoinDCX publicly acknowledged the breach.
On-chain analysis revealed that the hacker employed a multi-step obfuscation process to launder the stolen funds. The attacker began by funding a wallet with 1 Ether via Tornado Cash, a cryptocurrency mixing service designed to obscure transaction data. The stolen funds were then routed across multiple blockchains, including Solana and Ethereum, using a cross-chain bridging technique to complicate tracking. In response, CoinDCX suspended certain Web3 trading features, launched a comprehensive security review, and started tracing the stolen assets in collaboration with cybersecurity partners and the impacted partner exchange. The company also announced plans to absorb the financial losses internally and, to help prevent future attacks, to introduce a bug bounty program aimed at identifying and mitigating potential security weaknesses.
CEO Sumit Gupta reassured customers that their assets were never at risk, emphasizing that the compromised operational account was entirely isolated from user wallets. While investigations continue, CoinDCX is focused on asset recovery efforts and strengthening its security measures to guard against future threats.