1. At a Glance
India’s leading crypto exchange, CoinDCX, suffered a $44 million hack involving a compromised internal wallet, not customer funds. Web3 trading was halted. Cold wallets stayed untouched. Treasury funds will cover losses. But the breach raises bigger questions about security in crypto’s Wild West.
2. Introduction with Hook
Imagine your neighborhood bank getting robbed—not from the customer vault, but from its own cash drawer—and then tweeting, “Don’t worry, your money’s safe, ours isn’t.”
That’s exactly what CoinDCX pulled off.
- Incident: $44 million drained from CoinDCX’s operational wallet.
- Impact: User funds and cold wallets untouched.
- Response: Company will compensate the loss from its treasury.
This wasn’t some junior phishing error. It was a highly coordinated server-side exploit targeting hot wallets—those slick, online storage systems crypto platforms use for day-to-day liquidity.
3. Business Model – WTF Do They Even Do?
CoinDCX is one of India’s largest cryptocurrency exchanges. The business runs on two engines:
- Retail Trading: Spot, margin, and derivatives trading for crypto users.
- Operational Infrastructure: Uses hot wallets to settle internal transactions and manage liquidity.
They make money via:
- Trading fees
- Spreads on crypto pairs
- Margin lending revenue
What went down? Their internal operational wallet (not connected to users) got drained. Essentially, their own drawer got
