CoinDCX, one of India’s largest crypto exchanges, was hacked on Saturday, with around $44 million drained from one of its internal operational accounts.

Security firm Cyvers and onchain sleuth ZachXBT found that the attacker’s wallet was initially funded with 1 ETH via crypto mixer Tornado Cash. A portion of the stolen funds were then bridged from Solana to Ethereum to obscure their trail.

The exchange’s CEO Sumit Gupta, and co-founder Neeraj Khandelwal, said that no customer funds were affected and user assets remain fully secure in cold wallets.

This story is an excerpt from the Unchained Daily newsletter.

The breach was triggered by what the company describes as a “sophisticated server breach”, allowing the attacker to compromise an internal account used solely for liquidity provisioning with a partner exchange.

“Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us – from our own treasury reserves,” said Gupta on X. 

“We are collaborating with the exchange partner to block and recover assets, including coming out with a bug bounty program soon,” he added.