Latest news with #Cyvers
Economic Times
2 days ago
- Business
- Economic Times
How safe are your crypto assets after CoinDCX's Rs 368 crore hack?
Tired of too many ads? Remove Ads What happened? Crypto TrackerPowered By TOP COINS TOP COIN SETS XRP 307.67 ( 3.41 %) Buy Ethereum 3,27,005 ( 3.21 %) Buy BNB 65,627 ( 2.23 %) Buy Bitcoin 1,03,00,831 ( 1.24 %) Buy Tether 86.28 ( 0.13 %) Buy Services remain stable, but questions linger Popular in Markets 1. System vs System: Why crypto needs a culture of relentless security Experts stress the need for stronger industry norms CoinDCX response and roadmap Tired of too many ads? Remove Ads Why this matters India's leading cryptocurrency exchange, CoinDCX , recently suffered a security breach resulting in a loss of approximately $44.2 million (Rs 368 crore). While the company quickly reassured users that no customer assets were affected, the incident has reignited concerns over the security of crypto platforms and what more must be done to protect users in an increasingly hostile cyber disclosed on Saturday that one of its internal operational accounts — used for liquidity provisioning on a partner exchange — was compromised following a "sophisticated server breach." The company emphasized that the breach was limited to this internal wallet and did not impact user funds 'Today, one of our internal operational accounts — used only for liquidity provisioning on a partner exchange — was compromised due to a sophisticated server breach,' said Sumit Gupta, Co-founder and CEO, in a post on X. 'I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe.'The compromised account was isolated quickly, and CoinDCX stated that it would absorb the entire loss from its treasury, with no impact on the breach, CoinDCX said that trading and INR withdrawals continued without interruption. However, some users reported issues accessing their portfolios due to increased server traffic, which were later blockchain analysts such as ZachXBT and cybersecurity firm Cyvers flagged the breach hours before the official announcement. The attacker reportedly transferred stablecoins (USDC and USDT) from Solana to Ethereum and used Tornado Cash to obscure the trail — a common tactic used to evade incident has raised concerns among industry experts, who say more robust, industry-wide security standards are critical.'The CoinDCX incident is a sobering reminder that no platform is immune to evolving cyber threats,' said Aishwary Gupta, Global Head of Payments at Polygon Labs. 'While it's commendable that user funds remained safe, this highlights the urgent need for industry-wide adoption of real-time monitoring, rigorous smart contract audits, and transparent incident disclosures. Security and user trust must go hand-in-hand as we build the next generation of financial infrastructure.'In response to the attack, CoinDCX said it is working with external cybersecurity experts and the affected partner exchange to identify vulnerabilities and trace the stolen assets. Gupta also mentioned plans to launch a bug bounty program to detect system flaws before they can be exploited.'Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities, and trace the movement of funds,' Gupta company has not disclosed whether law enforcement or regulatory bodies have been engaged, but said updates will be shared with the community in real incident comes nearly a year after WazirX — another major Indian exchange — suffered a breach involving over $230 million. While WazirX paused withdrawals and faced criticism for delayed communication, CoinDCX's decision to take full financial responsibility may set a new benchmark for user-first broader concern now is whether crypto platforms are equipped to match the pace of increasingly sophisticated cyber threats — and whether India's regulatory framework can evolve quickly enough to safeguard retail investors.: Recommendations, suggestions, views and opinions given by the experts are their own. These do not represent the views of the Economic Times)
News18
3 days ago
- Business
- News18
CoinDCX Hit By Cyberattack: Exchange To Cover Rs 368 Crore Loss From Treasury
'I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe," Gupta said in a post on X. The breached account was reportedly used for liquidity provisioning on a partner exchange. The platform has since isolated the affected account, and security teams are actively working with cybersecurity firms to investigate the incident and patch vulnerabilities. While CoinDCX has not disclosed the exact amount involved, blockchain investigator ZachXBT and security firm Cyvers flagged unusual wallet activity. ZachXBT estimated that nearly $44.2 million was drained, with stolen funds reportedly moved from Solana to Ethereum, and routed via Tornado Cash — a tool known for obfuscating transactions. ZachXBT raised the alarm nearly 17 hours before CoinDCX publicly acknowledged the breach. CoinDCX To Cover Losses, No Impact On Users Reassuring its users, CoinDCX said it would bear the entire loss from its own treasury reserves, which it claimed are 'sufficiently healthy" to absorb the impact. 'This won't cause any loss to our customers," Gupta emphasized. 'CoinDCX will be bearing the full amount." The CEO further urged users not to panic and avoid distress selling of their assets. INR Withdrawals And Trading Continue Smoothly
Time of India
4 days ago
- Business
- Time of India
CoinDCX confirms operations account breach, says user funds unaffected
BENGALURU: Crypto exchange CoinDCX on Friday said it is investigating a security breach involving one of its internal accounts, after blockchain experts flagged suspicious fund transfers linked to the platform. Tired of too many ads? go ad free now The company clarified that customer funds remain safe and unaffected. The breach, which CoinDCX described as 'server-side,' involved an operational account used for managing liquidity. While the company has not disclosed the exact amount of funds involved, independent blockchain trackers estimate that around $44 million may have been drained. The issue came to light after well-known on-chain investigator ZachXBT and security firm Cyvers pointed to unusual activity involving a CoinDCX-linked wallet. They said the wallet sent funds through Tornado Cash, a crypto tool often used to hide transaction trails, and moved the assets to the Ethereum blockchain. These transactions reportedly took place nearly 17 hours before CoinDCX acknowledged the incident publicly. Sumit Gupta, co-founder and CEO of CoinDCX, said the company quickly isolated the affected account and is working with external cybersecurity firms to investigate what went wrong. 'No customer funds have been impacted. Your assets remain completely safe and protected in our secure cold wallet infrastructure,' Gupta said in a post on microblogging site X. Gupta said that CoinDCX will absorb the loss from its own treasury and that regular trading and INR withdrawals continue to operate as usual. The company is also working with a partner exchange to trace the movement of funds and block further transfers. Tired of too many ads? go ad free now A bug bounty programme will be launched to encourage ethical disclosures of vulnerabilities, and updates will be shared in real time as the investigation progresses, Gupta added. CoinDCX has not yet confirmed the total value of assets lost or disclosed the name of the partner exchange assisting in the probe.
Yahoo
28-05-2025
- Business
- Yahoo
DeFi Platform Cork Protocol Suffers $12M Smart Contract Exploit
Decentralized finance (DeFi) platform Cork Protocol has suffered a smart contract exploit, with hackers reportedly stealing $12 million worth of wrapped staked ether (wstETH). Blockchain security monitor Cyvers noticed the exploit, stating that the malicious contract was deployed by a wallet likely funded by a service provider. It added that $12 million worth of wstETH was quickly swapped for ETH. Cork Protocol received investments from a16z crypto and OrangeDAO in September 2024. "There was a security incident affecting the wstETH:weETH market at 11:23 UTC today," Cork wrote on X. Cork added that it has paused all other markets as a precaution and that it is investigating the root cause. Security auditing company Debaub wrote that the attacker likely manipulated an issue with the smart contact's exchange rate by issuing fake tokens. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
01-04-2025
- Business
- Yahoo
Hacker Steals $70 Million in UPC Tokens After Gaining Control of UPCX Smart Contract
A hacker gained unauthorized access to the UPCX payment platform's smart contract, stealing 18.4 million UPC tokens valued at $70 million. The theft was flagged by blockchain security firm Cyvers, which traced the suspicious activity to a contract upgrade by the attacker. This upgrade allowed them to withdraw funds from three management accounts. In response to the breach, UPCX halted deposits and withdrawals and assured users that their personal funds were safe. The incident caused a significant dip in the UPC token price, dropping 7% initially and continuing to fall after the attack. From a high of $4.06, the price dropped to $3.52. The token's recent surge in value, driven by a rally earlier in the year, likely made it an attractive target for the hacker. However, the stolen tokens remained in a single Ethereum wallet and had not been swapped for other assets at the time of reporting. This attack follows patterns seen in previous exploits, according to Cyvers' co-founder Meir Dolev. He pointed out that compromised credentials and flawed access control mechanisms were often to blame for such breaches. He noted that these issues accounted for over 80% of Web3-related losses in 2024. Dolev also stressed the importance of improving security measures, particularly for wallet permissions and multisignature implementations, to prevent future incidents. The hack caused significant disruption to UPCX, a relatively new project that had been expanding its presence in niche markets, especially Southeast Asia. Despite launching its mainnet and introducing a native wallet, UPCX's reliance on the Ethereum network for most of its operations and smart contracts left it vulnerable to attacks like this one. Although the protocol offers limited trading on exchanges like and MEXC, the breach triggered an outflow of users, with hundreds of wallets emptying their UPCX balance. In addition to the stolen funds, the hack raised concerns about UPCX's token circulation. At the time of the attack, only 4.14 million UPC tokens were in circulation, with more than 50% of the total supply held by a few large wallets, including those controlled by the project's team. Most of the remaining tokens are locked under a long-term vesting schedule. The hacker's wallet now holds the largest portion of the stolen UPC, and the limited liquidity options for the token may make it difficult to offload these funds. As UPCX works to investigate the breach, the loss of $70 million marks one of the largest crypto hacks of 2025, surpassing the total stolen in March, which was only $33 million. The platform is under scrutiny to determine how the breach occurred and to implement stronger security protocols moving forward. Sign in to access your portfolio
