en.coinotag.com
-
Indian crypto exchange CoinDCX suffered a significant security breach, resulting in a loss of approximately $44.2 million through a sophisticated cross-chain exploit.
-
Blockchain analysts ZachXBT and Cyvers traced the attack’s origin to Tornado Cash and Solana bridges, revealing a complex laundering operation.
-
Despite the breach, CoinDCX’s CEO assured users that customer funds remain secure and that the platform’s operations continue without interruption.
CoinDCX faces a $44.2 million cross-chain hack linked to Tornado Cash and Solana bridges; CEO confirms user funds are safe amid ongoing investigation.
Cross-Chain Exploit Highlights Vulnerabilities in Crypto Liquidity Management
The recent CoinDCX breach underscores the increasing risks associated with managing liquidity across multiple blockchain networks. The attacker exploited an internal wallet, not disclosed in the exchange’s proof-of-reserve reports, to siphon off funds through a coordinated cross-chain strategy involving Solana and Ethereum networks. This incident highlights the critical need for enhanced security protocols surrounding internal wallets, especially those used for liquidity provisioning on partner platforms. Cross-chain exploits remain a growing threat vector as decentralized finance (DeFi) ecosystems expand, necessitating robust monitoring and rapid response mechanisms.
Tracing the Attack: Tornado Cash and Solana Bridges in Focus
Security researchers ZachXBT and Cyvers provided detailed on-chain analysis revealing that the attacker initiated the hack by receiving 1 ETH via Tornado Cash, a privacy-focused mixer often scrutinized for its role in obfuscating illicit fund flows. Subsequently, the attacker bridged assets from Solana to Ethereum, leveraging multiple wallets to complicate traceability. This methodical movement of assets through various protocols demonstrates a sophisticated laundering technique designed to evade detection. The use of Tornado Cash in this context reaffirms ongoing concerns about privacy tools being exploited for malicious purposes within the crypto space.
CoinDCX Hack. Source: ZachXBT
CoinDCX’s Response and Assurance on User Fund Safety
Sumit Gupta, Co-founder and CEO of CoinDCX, promptly addressed the breach, clarifying that the compromised wallet was an internal operational account used solely for liquidity provisioning on a partner exchange, not a user-facing wallet. Gupta emphasized the platform’s commitment to transparency and swift action, stating that affected internal systems have been frozen and that CoinDCX is collaborating with cybersecurity experts to contain the breach and prevent further damage. This proactive stance aims to maintain user trust while the investigation continues.