CoinDCX Under Siege: $44 Million Hack One Year After WazirX – A Complete Timeline & Analysis

"History doesn't repeat itself, but it often rhymes." A saying that Indian crypto investors are painfully re-learning exactly one year after the WazirX hack.

1. Timeline: From Silence to Headlines in 17 Hours

| Date & Time (IST) | Milestone |
| --- | --- |
| 18 Jul 2025, ~07:30 PM | Irregular outflows detected from a CoinDCX operational wallet used for liquidity on a partner exchange. |
| 18 Jul 2025, 11:45 PM | On-chain sleuth ZachXBT first flags the suspicious movement on Telegram and X, tracing the attacker's path via Tornado Cash. |
| 19 Jul 2025, 12:50 PM | CEO Sumit Gupta publishes a public thread confirming the breach and reassuring users that customer funds are untouched. |
| 19 Jul 2025, 01:30 PM | Web3 trading section re-enabled after a brief precautionary suspension. |

2. How the Hack Unfolded – A Technical Walkthrough

2.1 Entry Vector: "Sophisticated Server Breach"

- Target: An internal hot wallet whose sole purpose was to provide liquidity on a partner exchange, not to hold user assets.
- Method: The attacker leveraged a server-side vulnerability to gain privileged access and craft malicious withdrawal requests.

The attacker's wallet received just 1 ETH from Tornado Cash as seed capital, then siphoned $44.2 million in multiple tokens, mostly USDC, SOL, and ETH.

2.2 Money Laundering Route

- Solana → Ethereum Bridge using Wormhole.
- Mixing via Tornado Cash to obfuscate origin.
- Dusting smaller amounts to fresh wallets, preventing quick blacklisting.

3. Impact Assessment – Who Lost What?

| Stakeholder | Impact |
| --- | --- |
| CoinDCX Treasury | -$44 million fully absorbed; no impact on balance sheet solvency. |
| Retail Users | Zero – funds remain in segregated cold wallets. |
| Partner Exchange | Trading pairs temporarily delisted; liquidity restored within hours. |
| Market Confidence | Short-term FUD; BTC/INR premium on CoinDCX actually narrowed by 0.3% within 24 h, showing resilience. |

4. Response Playbook – How CoinDCX Contained the Fallout

4.1 Immediate Actions (first 60 minutes)

- Isolation of the compromised wallet.
- Signing halt on the partner exchange to prevent further outflows.
- Incident war-room with internal security + external cyber-forensics firm (name under NDA).

4.2 Communication Strategy

> We have always believed in being transparent with our community, hence I am sharing this with you directly.
> — Sumit Gupta

- Real-time Twitter/X thread with technical details.
- AMA on CoinDCX Discord within 3 hours.
- Email/SMS blast to 1.6 crore users clarifying fund safety.

4.3 Long-Term Hardening

- Bug-bounty program (up to $100k per critical bug) – announced 19 Jul.
- Multi-sig + MPC (multi-party computation) upgrade for all operational wallets.
- Quarterly on-chain attestations by external auditors starting Q3 2025.

5. Echoes of WazirX – A Side-by-Side Look

| Metric | WazirX (18 Jul 2024) | CoinDCX (18 Jul 2025) |
| --- | --- | --- |
| Loss | $235 million | $44 million |
| User Funds Hit? | YES – 45% haircut proposed | NO – fully protected |
| Root Cause | Compromised multisig owners | Server breach of hot wallet |
| Communication Lag | 15 hours | 17 hours (after on-chain exposure) |
| Recovery Plan | Restructuring in Singapore | Treasury absorption + bug bounty |

The anniversary coincidence has spooked Indian regulators, with RBI reportedly circulating a fresh discussion paper on exchange custody models.

6. Voices from the Community

> Kudos for not passing the loss to users. But 17 h delay after ZachXBT's alert is still too long.
> — @CryptoKaku (X)

> Web3 trading halt was scary. Glad it's back. Lesson: Keep a non-custodial backup.
> — @DeFi_Desi (Telegram)

7. How to Protect Yourself – 5 Actionable Tips

- Enable 2FA (hardware keys > TOTP apps).
- Whitelist withdrawal addresses and set 24 h cooling periods.
- Diversify: Don't keep >20% of your stack on any single CEX.
- Monitor on-chain alerts – Follow ZachXBT, Cyvers, and exchange status pages.
- Cold-storage: For long-term HODLing, move funds to Ledger/Trezor.

8. What's Next? A 90-Day Roadmap

| Week | Milestone |
| --- | --- |
| 0–2 | Complete forensic report + file police complaint (already initiated). |
| 3–6 | Launch public bug bounty on Immunefi; publish audit results. |
| 7–12 | Roll out MPC-based withdrawal system; begin quarterly Merkle-tree proof-of-reserves. |

9. Frequently Asked Questions (FAQ)

Q1: Can I withdraw INR/crypto right now?
A: Yes. INR withdrawals are normal. Crypto withdrawals are also operational for users who have opted in.

Q2: Will CoinDCX raise trading fees to cover losses?
A: No. Management has explicitly ruled out fee hikes; the loss is absorbed from treasury reserves.

Q3: Was KYC data leaked?
A: There is no evidence of KYC or personal data compromise. The breach was limited to an operational wallet.

10. Bottom Line – Should You Still Trust CoinDCX?

- Pros: Rapid containment, transparent disclosure (after external alert), full user-fund protection.
- Cons: 17-hour communication lag, hot-wallet single-point failure.
- Verdict: CoinDCX passed the stress-test by shielding users, but the incident underscores the need for real-tim