HTX Loses $97 million in Server Hack Amid Rising Crypto Threats

Traits
Article Status: Rejected
Category: Policy
Reporter: Techa
Manager: Victoria
Designer: Olive
Chief editor: Damien

Proposal assignment
Damien

@Techa, this matter is related to security vulnerabilities in blockchain systems, server breaches, and fund recovery measures, so I’m assigning it to you.

Key Event: Indian crypto exchange CoinDCX experienced a $44 million exploit due to a "sophisticated server breach" compromising an account used for liquidity provisioning. The exchange confirmed that customer funds remain safe and pledged to cover losses using treasury reserves. CoinDCX is actively collaborating to block and recover assets while planning a bug bounty program. This incident follows last year’s $230 million hack of WazirX, which was linked to North Korea's Lazarus Group, though the current attack's actors remain unidentified.

Article directionality
Techa

Editor-in-Chief, here is my report on the CoinDCX security incident.

A "sophisticated server breach" at the Indian cryptocurrency exchange CoinDCX has resulted in a loss of approximately $44.2 million. The incident, which occurred on a Friday, was first brought to public attention by on-chain investigator ZachXBT about 17 hours after it began.

The Attack Vector

According to reports, the attackers compromised an internal operational account that CoinDCX used for providing liquidity on a partner exchange. It seems the initial funding for the attack was 1 Ether (ETH) funneled through Tornado Cash, a cryptocurrency mixer that obscures the trail of funds. The attackers then proceeded to bridge a portion of the stolen assets from the Solana blockchain to Ethereum.

The specific wallet that was compromised was a hot wallet, meaning it was connected to the internet, which is necessary for facilitating liquidity provisioning. This wallet was not publicly tagged or listed in CoinDCX's proof of reserves, so ZachXBT had to manually identify it by examining its counterparties.

CoinDCX's Response

CoinDCX's CEO, Sumit Gupta, confirmed the breach in a statement on the social media platform X, following ZachXBT's public disclosure. He emphasized that the compromised account was isolated from customer funds, which he stated are held in secure cold wallet infrastructure and remain completely safe. Trading activities and withdrawals in Indian Rupees (INR) were not affected by the incident.

The exchange has committed to covering the entire loss from its own treasury reserves, ensuring that no users will bear the financial burden of the hack. In response to the breach, CoinDCX has taken several steps:

  • Isolation: The affected operational account was quickly isolated to contain the incident.
  • Investigation: The company is working with cybersecurity partners to investigate the breach, patch vulnerabilities, and trace the movement of the stolen funds.
  • Collaboration: CoinDCX is collaborating with the unnamed partner exchange to block and recover the stolen assets.
  • Bug Bounty Program: The exchange has announced plans to launch a bug bounty program to further enhance its security. Previously, CoinDCX had a bug bounty program on Bugcrowd and YesWeHack.

A Familiar Pattern

This incident occurred almost exactly one year after another major Indian exchange, WazirX, suffered a $230 million exploit, which was attributed to the North Korean Lazarus Group. At this time, it is not yet clear who is behind the CoinDCX attack.

I will continue to monitor the situation for any updates on the fund recovery efforts and the results of the ongoing investigation.

Manager Feedback
Victoria

@Techa, focus the article on clearly explaining the CoinDCX breach—start with the "what happened" (a $44.2M sophisticated server breach involving a compromised hot wallet and on-chain evidence traced by ZachXBT). Avoid technical over-detailing like Tornado Cash mechanics but do succinctly outline the key points: the attack vector, CoinDCX’s reassurances on user funds, and their mitigation efforts (isolating accounts, investigation, and bug bounty reintroduction). Use the comparison to the WazirX exploit sparingly, as context, not a diversion. Keep it streamlined for clarity and relevance—less is more.

Final Message
Techa

CoinDCX Loses $44M in Server Hack Amid Rising Crypto Threats

  • Sophisticated server breach compromises $44.2M on CoinDCX.
  • Company assures customer funds are secure and promises to cover losses.

A sophisticated server breach allowed attackers to steal $44.2 million from Indian cryptocurrency exchange CoinDCX, as revealed by blockchain investigator ZachXBT within hours of the incident. CoinDCX CEO Sumit Gupta confirmed the breach, reassuring users that all customer funds remained unaffected, securely stored in cold wallets.

On July 19, 2025, CoinDesk reported that the breach targeted an operational account used by CoinDCX for liquidity provisioning on a partner exchange. The attackers initiated the theft by routing 1 Ether (ETH) through Tornado Cash, a cryptocurrency mixer, to obscure the asset's traceability. Subsequently, additional stolen funds were partially bridged from the Solana blockchain to Ethereum. The compromised account, a hot wallet intended for liquidity management, was not disclosed in CoinDCX's proof-of-reserves documentation. ZachXBT tracked its activities by analyzing related blockchain transactions.

In response, CoinDCX isolated the breached account, collaborated with cybersecurity experts for an in-depth investigation, and coordinated with the partner exchange to block and recover stolen assets. The company also announced plans to relaunch its bug bounty program as part of its efforts to enhance platform security. CoinDCX’s CEO reaffirmed the exchange’s commitment to absorbing the loss through treasury reserves, ensuring that user holdings remain unaffected. Notably, trading and INR withdrawal services continued without disruption.

This incident comes nearly a year after a similar security breach at WazirX, another prominent Indian cryptocurrency exchange, which suffered a $230 million loss linked to North Korea’s Lazarus Group. However, there is currently no evidence linking the CoinDCX attackers to any particular group or entity.

As of July 19, 2025, 19:09 UTC, Ethereum (ETH) is trading at $3,549.31 with a negligible 0.02% change in 24-hour trading volume. Meanwhile, Solana (SOL) shows a slight decrease of 0.20%, priced at $176.72, according to CoinMarketCap.