How attackers stole $44 million without touching users’ funds


What is the CoinDCX $44 million crypto theft?

India’s largest crypto exchange, CoinDCX, was hit by a sophisticated $44.2 million hack on July 19, 2025.

The attacker gained access to an operational wallet and drained it within minutes. Fortunately, CoinDCX’s security architecture meant that all customer funds were kept completely safe.

News of the hack took almost 17 hours to surface, when blockchain investigator ZachXBT warned of a potential hack on his official Telegram channel.

CoinDCX CEO Sumit Gupta issued a statement on X explaining that one of the internal accounts used for liquidity management had been compromised, but confirmed that customer assets were safe.

The CoinDCX hack has been linked to North Korea’s infamous Lazarus Group, an active, state-sponsored hacking syndicate that targets crypto exchanges.

Many in the crypto community were unhappy with CoinDCX’s late disclosure, particularly given the organization’s strong public stance on transparency. One community member commented, “Y’all built this interaction into a story of ‘being transparent with the community,’ but it took you more than 18 hours to disclose the more than $44 million hack.”

[Image: Crypto community criticizes CoinDCX’s slow response]

So how did the attack unfold, and why did it take so long to report?

Did you know? North Korean attackers were responsible for the infamous Bybit hack in February 2025, the largest single crypto theft in history, totaling $1.5 billion.

How CoinDCX was hacked

The CoinDCX breach was carried out with what has been described as military precision between July 16 and 19, 2025. According to the exchange’s incident report, Gupta described it as a sophisticated server breach.

“The attacker accessed the accounts used for operational liquidity provisioning by penetrating the liquidity infrastructure.”

ZachXBT, who has exposed some of the biggest crypto scams of the past few years, is also following the money trail. On his Telegram channel, he explained that “the attacker’s address was funded with one Ether from Tornado Cash, and later bridged some of the stolen funds from Solana to Ethereum.”

[Image: Trail of funds stolen in the CoinDCX hack]

Tornado Cash, a crypto mixer used for laundering that has processed $7 billion since 2019, was used to fund the preparation for the attack.

On July 16, during careful reconnaissance, the attackers performed a “dry run” with a 1 Tether (USDT) test transaction. This indicates that the hackers had studied the exchange’s liquidity infrastructure rather than mounting an opportunistic attack.

The exact attack vector used by the criminals is currently unknown, but security experts such as Deddy Lavid, CEO of cybersecurity firm Cyvers, suggested in their analysis that the breach stemmed from backend access obtained with leaked credentials.

CoinDCX’s internal security and operations teams are working with top cybersecurity experts to investigate the incident, track the funds and patch the vulnerabilities.

Did you know? A security breach at a crypto exchange can cause a significant drop in the Bitcoin (BTC) price, typically around 1.5% on news of an attack. It can also have a negative market impact that lasts well beyond the date of the incident.

[Image: Tracking the funds from the CoinDCX Indian crypto exchange hack]

The funds moved quickly: the attackers moved more than $40 million in USDT out of the exchange’s operational Solana wallet. Within five minutes the wallet was empty, and the funds began moving through the Jupiter swap aggregator and the Wormhole bridge infrastructure.

In the process, assets were systematically bridged from Solana to Ethereum in chunks of 1,000-4,000 Solana (SOL).

The cryptocurrency was routed through multiple hops and eventually landed in two wallets:

  • A Solana wallet that holds 155,830 SOL (approximately $27.6 million) that remains dormant.
  • An Ethereum wallet containing approximately 4,443 ETH (approximately $15.7 million), where much of the stolen value was consolidated.

Notably, detection of the hack is believed to have been delayed because the attackers exploited legitimate operational privileges. This allowed them to make large fund movements without triggering security alarms.

Lavid said, “The compromised account was separated from the user wallet, but its operating privileges were sufficient to carry out the large fund moves without causing immediate alarms.”
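The failure mode Lavid describes, an account whose privileges are legitimate but whose behaviour is not, is one that transaction-level monitoring can catch even when access control cannot. The script below is an added example and is not CoinDCX’s code or Cyvers’ analysis; the wallet labels, balances, thresholds and transfer log are all constructed. It runs three detection rules over outflows from an operational wallet: a first-seen destination address, a dust-sized transfer followed within days by a large transfer to the same address (the “dry run” pattern described above), and a burst of outflows that drains a large fraction of the wallet’s balance within minutes.

```python
"""Operational hot-wallet outflow monitor (added example, hypothetical config)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    src: str
    dst: str
    asset: str
    amount_usd: float  # USD-normalised so the rules work across assets


# Hypothetical configuration, not CoinDCX's. Wallet labels are constructed.
OPERATIONAL_WALLETS = {"ops-sol-1"}
KNOWN_DESTINATIONS = {"mm-desk-A", "treasury-cold"}  # allowlisted counterparties
DUST_USD = 5.0                 # anything at or below this counts as a test transfer
LARGE_USD = 1_000_000.0        # anything at or above this counts as a large transfer
DUST_WINDOW = timedelta(days=7)        # dust-then-large lookback
DRAIN_WINDOW = timedelta(minutes=5)    # velocity window
DRAIN_FRACTION = 0.25                  # fraction of starting balance leaving within the window


def find_alerts(transfers, starting_balances_usd):
    """Return a list of (rule, key) alerts in the order they fire.

    starting_balances_usd maps wallet -> balance before the observed period;
    an unknown wallet never triggers the velocity rule.
    """
    outflows = sorted(
        (t for t in transfers if t.src in OPERATIONAL_WALLETS), key=lambda t: t.ts
    )
    alerts, fired = [], set()

    def fire(rule, key):
        # one alert per (rule, key) so a chunked drain does not spam the queue
        if (rule, key) not in fired:
            fired.add((rule, key))
            alerts.append((rule, key))

    for i, t in enumerate(outflows):
        earlier = outflows[:i]

        # Rule 1: destination never paid before and not on the allowlist
        if t.dst not in KNOWN_DESTINATIONS and all(p.dst != t.dst for p in earlier):
            fire("NEW_DESTINATION", t.dst)

        # Rule 2: a dust-sized "dry run" to this destination, then a large transfer
        if t.amount_usd >= LARGE_USD and any(
            p.dst == t.dst and p.amount_usd <= DUST_USD and t.ts - p.ts <= DUST_WINDOW
            for p in earlier
        ):
            fire("DUST_THEN_LARGE", t.dst)

        # Rule 3: trailing-window outflow total versus the wallet's starting balance
        window_total = sum(
            p.amount_usd
            for p in outflows[: i + 1]
            if p.src == t.src and t.ts - p.ts <= DRAIN_WINDOW
        )
        threshold = DRAIN_FRACTION * starting_balances_usd.get(t.src, float("inf"))
        if window_total >= threshold:
            fire("VELOCITY_DRAIN", t.src)

    return alerts


def sample_transfers():
    """Constructed transfer log loosely shaped like the timeline in the article."""
    T = datetime.fromisoformat
    return [
        Transfer(T("2025-07-15T10:00:00"), "ops-sol-1", "mm-desk-A", "USDT", 250_000.0),
        Transfer(T("2025-07-16T09:12:00"), "ops-sol-1", "unseen-addr-1", "USDT", 1.0),
        Transfer(T("2025-07-18T12:00:00"), "treasury-cold", "ops-sol-1", "USDT", 5_000_000.0),
        Transfer(T("2025-07-19T03:01:00"), "ops-sol-1", "unseen-addr-1", "USDT", 10_000_000.0),
        Transfer(T("2025-07-19T03:02:00"), "ops-sol-1", "unseen-addr-1", "USDT", 10_000_000.0),
        Transfer(T("2025-07-19T03:04:00"), "ops-sol-1", "unseen-addr-1", "USDT", 10_000_000.0),
    ]


SAMPLE_BALANCES = {"ops-sol-1": 44_000_000.0}  # constructed starting balance

if __name__ == "__main__":
    for rule, key in find_alerts(sample_transfers(), SAMPLE_BALANCES):
        print(f"{rule}: {key}")
```

On the constructed log the first alert fires on the 1 USDT test transfer three days before the drain, which is the point at which a reviewer could still have frozen the signing key. The velocity rule is deliberately based on the wallet’s starting balance rather than on per-transaction size, because chunking a drain into “normal-looking” transfers is exactly how a privileged account avoids per-transaction limits.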

Did you know? The recovery rate of funds after a crypto theft is dismally low. Of the $2.5 billion stolen in the first half of 2025, only $187 million was successfully returned, less than 8%.

CoinDCX’s response to the hack

On July 21, 2025, CoinDCX announced a bounty program offering up to 25% of any funds recovered. Depending on the success of the recovery effort, the reward could total $11 million.

Gupta explained that the bounty is intended to encourage researchers, blockchain investigators and white hat hackers to help track down and recover the stolen assets.

“More than collecting stolen assets, what is important to us is identifying and catching the attacker, because that should never happen again.”

Gupta has also repeated many times that customer funds were not affected and that those assets are completely secure in cold storage infrastructure. He also explained on X that CoinDCX is “financially strong, fully operational and solidly committed” over the long term. In other words, business as usual.

The broader impact on crypto exchange security

Every week there seems to be a new wave of crypto crime. 2025 has been a devastating year for crypto security.

An estimated $2.17 billion was stolen from cryptocurrency services in the first half of 2025, more than all of 2024’s losses combined. Experts put the average loss per incident at $7.18 million, making it one of the worst years on record.

One dominant actor behind these threats is North Korea’s Lazarus Group, which is linked to the theft of more than $1.6 billion in the first half of 2025 alone. The group uses sophisticated tactics that exploit cross-chain bridges, knowledge of exchange infrastructure, crypto mixers and centralized exchanges.

This underlines the importance of exchanges operating with a security architecture that limits the damage from a breach. In CoinDCX’s case, its segregated wallet system, a strong CoinDCX treasury reserve and customer cold storage protected the business from devastation.

The CoinDCX hack highlights the need for strong security at crypto exchanges. It is certainly a cautionary tale, showing just how unforgiving a ruthless group like North Korea’s Lazarus is. At the same time, CoinDCX was able to rely on a segregated wallet system to keep all customer funds safe, setting an example for other exchanges to learn from.

Crypto theft has not slowed down in 2025, so there is good reason for concern. Exchanges should not focus solely on preventing breaches. They also need to design their systems so that, when something does go wrong, the damage is contained and does not spread to customer holdings.
