CoinDCX, one of India’s largest centralized exchanges (CEXs), was the victim of a $44.3 million hack in July 2025. The attacker compromised one of the exchange’s servers and stole crypto from a hot wallet that was used to hold internal funds.
Inside the Attack
The CoinDCX hack is a classic example of an exchange hack likely involving a compromised private key. The attacker gained access to the exchange’s servers, likely stealing the private key stored there. Then, they drained the $44.3 million across multiple transactions within the space of about five minutes. The stolen funds were sent to multiple Solana addresses before being bridged to Ethereum.
In addition to its value, the CoinDCX hack was notable for the post-incident disclosure and response. The first mention came seventeen hours after the incident from ZachXBT, who identified the potential hack and its relation to CoinDCX. The impacted address wasn’t included in the CEX’s formal Proof of Reserves (PoR), so it had to be attributed manually.
After the incident was publicly disclosed, CoinDCX moved quickly to acknowledge it and praise its own transparency. This included posts by employees encouraging users to engage with the CEO’s post and applauding its transparency.
Lessons Learned from the Attack
The CoinDCX hack demonstrates the security risks of centralizing key storage or critical application logic. According to the official statement, the attackers compromised just one of the exchange’s internal servers, allowing them to steal an estimated $44.3 million from the exchange. While the incident didn’t impact customer funds, it represents a significant loss for the exchange.
The fact that the hack involved a compromised server also demonstrates the importance of implementing strong security controls for backend infrastructure. While security audits commonly focus on smart contract code, DeFi hackers are increasingly targeting private keys and backend systems in their attacks.
The incident was also a lesson in how to properly manage the aftereffects of a breach. Concealing the hack for seventeen hours until it was publicly disclosed, then posting self-promoting messages about the CEX’s transparency, soured the user experience.
Preventing incidents like this requires implementing wallet security best practices, such as the use of multi-signature or MPC wallets to prevent a single server breach from compromising a valuable hot wallet. Halborn offers advisory services designed to help Web3 organizations secure all parts of their infrastructure, both on-chain and off-chain. To learn more about protecting your project against top DeFi threats, get in touch.
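The multi-signature recommendation above can be illustrated with a short added example (not CoinDCX's or Halborn's code): a 2-of-3 approval check in which a key taken from one breached server cannot authorize a withdrawal on its own. The signer names, keys, threshold and transaction fields are constructed assumptions, and HMAC stands in for real digital signatures.

```python
import hashlib
import hmac

# Constructed demo keys (assumption). In a real deployment each key lives on
# a separate host or HSM, so one breached server exposes at most one of them,
# and the verifier holds only public keys (HMAC is a stand-in for signatures).
SIGNER_KEYS = {
    "server-a": b"demo-key-a",
    "server-b": b"demo-key-b",
    "offline-c": b"demo-key-c",
}
THRESHOLD = 2  # assumed 2-of-3 policy


def canonical(tx: dict) -> bytes:
    """Toy serialization so every signer approves exactly the same bytes."""
    return "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()


def approve(signer: str, key: bytes, tx: dict) -> tuple:
    """One signer's approval of one specific withdrawal."""
    return signer, hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def authorized(tx: dict, approvals: list) -> bool:
    """True only if THRESHOLD distinct known signers approved this exact tx."""
    valid = set()
    for signer, tag in approvals:
        key = SIGNER_KEYS.get(signer)
        if key is None:
            continue  # approval from a signer outside the policy is ignored
        expected = hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            valid.add(signer)  # a set, so a replayed approval counts once
    return len(valid) >= THRESHOLD


if __name__ == "__main__":
    tx = {"to": "addr-demo", "amount": 100, "nonce": 1}  # constructed sample
    stolen = approve("server-a", SIGNER_KEYS["server-a"], tx)
    second = approve("offline-c", SIGNER_KEYS["offline-c"], tx)
    print("one stolen key, sent twice:", authorized(tx, [stolen, stolen]))
    print("two independent signers:  ", authorized(tx, [stolen, second]))
```

Counting distinct signers rather than approvals is the detail that matters here: a verifier that tallies raw approvals lets a single compromised key meet the threshold by submitting its approval twice.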