Latest news with #SumitGupta
Yahoo
3 days ago
- Business
- Yahoo
Indian crypto exchange CoinDCX confirms $44M stolen during hack
India's largest crypto exchange CoinDCX has confirmed that one of its internal operational accounts was compromised in a recent security breach, allowing the hackers to make off with millions in crypto. On Saturday, CoinDCX co-founder and CEO Sumit Gupta disclosed in a post on X that an internal account 'used only for liquidity provisioning on a partner exchange' was compromised during the hack. The executive assured that the incident did not affect customer funds and that all its customer assets remain secure. Earlier in the day, crypto security researcher ZachXBT reported that around $44.2 million was drained from CoinDCX's coffers due to the incident. 'The attacker address was funded with 1ETH [Ethereum] Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum,' the researcher posted on their Telegram channel. CoinDCX confirmed the loss amount to TechCrunch, stating that the funds were routed through Solana-Ethereum bridges and consolidated into 4,443 Ethereum and 155,830 Solana, which currently remain dormant. The crypto exchange also noted that it is working with India's Computer Emergency Response Team, CERT-In, and partner exchanges to investigate the matter. The Indian crypto exchange, registered with the government's Financial Intelligence Unit, boasts over 16 million users and offers access to more than 500 crypto assets. 'The incident was quickly contained by isolating the affected operational account,' said Gupta in an X post. 'Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us — from our own treasury reserves.' Gupta noted that the company was working with the exchange partner to block and recover assets. 'I understand incidents like this can be unsettling — even when customer assets are unaffected,' he said. The exchange also launched a 'recovery bounty' program on Monday to award up to 25% of any recovered funds to anyone who can help trace and retrieve the stolen crypto. 'More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn't happen again, not with us, not with anyone in the industry,' said Gupta. News of the breach comes almost exactly a year since the massive breach at Indian crypto exchange giant WazirX, which resulted in the loss of $230 million — nearly half its reserves. The exchange halted trading after the loss. It remains unclear, however, whether there are any connections between the two incidents.
India.com
3 days ago
- Business
- India.com
Rs 1900000000000 lost in a year due to…., loss suffered by many including…
Indian cryptocurrency exchange CoinDCX has reported a security breach that led to the theft of $44.2 million (around Rs 378 crore). However, the company's founders took to X to reassure users that customer funds remain safe and unaffected, clarifying that the breach was limited to an internal operational account. CoinDCX Hit By USD 44.2 mn Security Breach The total exposure is being absorbed entirely by CoinDCX, using the company's treasury reserves, the company said in a First Incident Report released on Sunday. According to the report, on July 19, at 4 AM IST, CoinDCX security systems detected an incident involving unauthorised access to one of its accounts on the partner exchange, leading to a financial exposure of about USD 44 million. The incident once again puts the spotlight on mounting security threats in the highly volatile world of cryptocurrencies. Last year, crypto exchange WazirX faced a hack in India, leading to the loss of more than USD 230 million, and marking one of the biggest such heists in India. The theft had prompted a thorough examination of safety measures and eroded sentiments. CoinDCX On Attack CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal took to the social media platform X to address the situation, confirming that the attack was the result of a sophisticated server breach, targeting an internal wallet, not the ones holding customer assets. The incident was first flagged by blockchain investigator ZachXBT, following which the exchange made the disclosure public. 'Today, one of our internal operational accounts — used only for liquidity provisioning on a partner exchange — was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won't cause any loss to our customers. CoinDCX will be bearing the full amount,' Gupta said. 'The total amount lost was USD 44Mn out of our treasury assets. Coindcx Treasury will be bearing these losses,' Khandelwal wrote. Affected infrastructure has been completely isolated, and CoinDCX operations continue to run normally, the company said. Risk In Crypto Currency Investment Crypto thefts in 2025 had already crossed USD 2.17 billion before last week's USD 44 million CoinDCX hack, underlining relentless cyber threat escalation in the digital currency world, according to the latest data. Blockchain analytics platform Chainalysis' 2025 crypto crime mid-year update says that over USD 2.17 billion was stolen from cryptocurrency services so far in 2025, and 'this year is more devastating than the entirety of 2024'. By the end of June 2025, 17 per cent more value had been stolen year-to-date (YTD) than in 2022, previously the worst year on record. The USD 1.5 billion hack of ByBit, the largest single hack in crypto history, accounts for the majority of service losses. So far in 2025, significant concentrations of stolen fund victims have emerged in the US, Germany, Russia, Canada, Japan, Indonesia, and South Korea, it said. 'Regionally, Eastern Europe, MENA, and CSAO (Central and Southern Asia and Oceania) saw the most rapid H1 2024 to H1 2025 growth in victim totals,' it said. (With Inputs From PTI)
India.com
3 days ago
- Business
- India.com
Rs 3780000000 loss: Major security breach hits Indian crypto exchange CoinDCX, here's what exactly happened?
Rs 3780000000 loss: Major security breach hits Indian crypto exchange CoinDCX, here's what exactly happened? A major security breach was reported at Indian cryptocurrency exchange CoinDCX in recent days. Because of the security breach**,** the company lost approximately Rs 378 crore (USD 44.2 million). As per reports, the incident took place on July 19 at around 4 am. Someone made unauthorised access to an internal operational account on a partner exchange. However, CoinDCX has assured its users that the security breach will not affect their funds and they will remain secure. CoinDCX Filed An FIR According to the FIR, the Indian cryptocurrency exchange stated that it is covering the entire financial loss using its own treasury funds, so customers won't be affected. Co-founders Sumit Gupta and Neeraj Khandelwal took to X and attributed the major security breach to 'sophisticated server attack' that attacked the internal wallet whish is used by the company for liquidity provisioning. 'Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won't cause any loss to our customers. CoinDCX will be bearing the full amount,' Gupta wrote in the post. 'The total amount lost was Rs378 crore ($44 million) out of our treasury assets. CoinDCX Treasury will be bearing these losses,' Khandelwal posted. Who Detected The Security Breach? The security breach was first detected by blockchain investigator ZachXBT, following which CoinDCX made the announcement. A 17-hour delay in publicly disclosing the incident has drawn online criticism, despite widespread praise for the company's efforts to safeguard user funds. Withdrawal Requests Overwhelmed CoinDCX's Systems As soon as the security breach news came out, users overwhelmed the CoinDCX's systems with withdrawal requests, leading to its portfolio APIs becoming temporarily unresponsive. The API is responsible for displaying balances and transaction histories, but due to the unresponsiveness, several users were stuck and were unable to view their holdings. Following a security breach, CoinDCX fired leading cybersecurity firms and reported the incident to India's CERT-In. A full investigation is underway, and the company plans to release its findings. This incident comes after a significant 2024 hack of WazirX, resulting in India's largest cryptocurrency exchange theft to date, exceeding Rs1,965 crore (USD 230 million).
New Indian Express
3 days ago
- Business
- New Indian Express
After $44 million crypto theft, CoinDCX says it's financially strong and here to stay
BENGALURU: After the recent $44 million crypto theft, CoinDCX on Tuesday said it is financially strong, fully operational and committed to building for the long-term. Co-founder Sumit Gupta said, 'CoinDCX is more focused than ever on building India's most trusted crypto company - with integrity, resilience, and long-term vision. We're building stronger. We're moving faster. And we're not slowing down. DCX Group is focused on building for the next decade of crypto adoption. Strong revenue, user-first actions, and deep investor confidence form the foundation for our next phase of growth. We're here to stay, lead, and grow.' It also said that DCX Group -- comprising CoinDCX (India), BitOasis (UAE and Bahrain), and Okto -- is a high-growth, financially sound business built for scale and that its annualised group revenue stands at Rs 1,179 crore and assets under custody (AUC) are over Rs 10,000 crore. Meanwhile, Web3 venture firm Hashed Emergent has released the COINS Act — a non-binding model law intended to support the country's crypto policy dialogue with a structured, constitutionally aligned framework for regulating crypto-assets and decentralised systems.
&w=3840&q=100)
Business Standard
3 days ago
- Business
- Business Standard
CoinDCX joins list of the biggest crypto breaches in recent times
In a major breach on July 18, Mumbai-based cryptocurrency exchange CoinDCX confirmed a hacking attack that resulted in a loss of approximately $44 million (nearly Rs 368 crore). The incident targeted an internal operational account used for liquidity operations on a partner exchange. The affected account, the company clarified, did not hold any customer assets. Sumit Gupta, co-founder of CoinDCX, described the breach as "sophisticated", revealing that hackers had exploited a server vulnerability. He further stated that the financial loss would be absorbed through the company's treasury reserves, which are 'sufficiently healthy' to cover the damage. The CoinDCX attack comes amid a broader wave of crypto hacks globally, once again raising questions about the actual security of blockchain-based platforms. While blockchains themselves are designed to be secure, the surrounding infrastructure — including wallets, bridges, exchanges, and operational accounts — continues to face vulnerabilities. According to blockchain analysis firm Chainalysis, over $1.7 billion in cryptocurrency was stolen in 2023, following a record $3.8 billion in 2022. Which were the largest crypto hacks? The biggest theft in the sector's history remains the $625 million hack of the Ronin Network in March 2022. This breach targeted the Axie Infinity blockchain game, with hackers — later linked to North Korea's Lazarus Group — making off with Ether and stablecoins. Only a small portion of the stolen funds was recovered. Following closely is the Poly Network hack of August 2021, where over $611 million was stolen. In a rare twist, the anonymous hacker returned most of the funds, claiming the act was carried out 'for fun.' The Binance BNB Bridge suffered a $569 million breach in October 2022 due to a flaw in its smart contract, while Japan's Coincheck exchange lost $532 million in 2018 through vulnerabilities in its hot wallets. In November 2022, FTX, once a major player in the crypto world, lost over $477 million on the same day it filed for bankruptcy. The company confirmed the hack on its Telegram channel, even warning users to delete its apps. Why are cross-chain bridges and DeFi platforms popular targets? A common pattern across recent breaches is the targeting of cross-chain bridges — platforms that allow cryptocurrencies to be transferred between different blockchains. The Wormhole attack in February 2022 resulted in a $325 million theft, while Nomad Bridge lost $190 million shortly after. In March 2023, Euler Finance, a DeFi lending platform, suffered a $197 million flash loan attack. Surprisingly, the attacker later returned much of the stolen funds, citing safety concerns. In May 2024, Japan's DMM Bitcoin exchange reported a $305 million theft, with Lazarus Group again suspected. Bybit, a major global exchange, disclosed a $1.5 billion breach in February, marking one of the largest losses to date. In July last year, India's WazirX suffered a $230 million theft — one of the biggest cyberattacks on an Indian exchange. Many of the affected 15 million investors reportedly faced severe financial hardship. Meanwhile, Iran's largest exchange, Nobitex, lost $90 million amid geopolitical tensions. The stolen funds carried messages allegedly criticising Iran's Revolutionary Guard. How do hackers launder stolen crypto? Tracking stolen crypto assets remains a key challenge. In the WazirX case, Netherlands-based Crystal Intelligence revealed that most of the stolen funds were laundered via TornadoCash, an open-source platform known for anonymising transactions. Only around $6 million remains traceable. Are blockchain projects truly secure? Despite claims of blockchain being 'ultra-secure', repeated cyberattacks suggest otherwise. In 2024, around $2.2 billion worth of cryptocurrencies were stolen. This followed losses of $1.7 billion in 2023 and $3.8 billion in 2022, according to blockchain analysis firm Chainalysis. The figures continue to expose vulnerabilities across exchanges, cross-chain bridges, and decentralised finance (DeFi) platforms. The trend continued into 2024, with fresh breaches reported globally. Even established exchanges like Coinbase have not been immune. In May this year, it estimated losses between $180 million and $400 million following a cyberattack that exploited insider leaks. The company confirmed that multiple contractors and employees working outside the US were paid by hackers to gather internal data. State-sponsored actors, especially North Korea's Lazarus Group, continue to dominate the crypto hacking space. The group has been linked to major breaches, including Ronin, DM Bitcoin, and Bybit. Is crypto security a myth? Experts suggest that while blockchain technology itself may offer robust security features, the infrastructure surrounding it — including bridges, exchanges, and DeFi platforms — has repeatedly proven vulnerable. With evolving tactics such as flash loan attacks, insider threats and state-backed cyber warfare, the future is shaping up to be grim for cryptocurrency security.
