CoinDCX joins list of the biggest crypto breaches in recent times

In a major breach on July 18, Mumbai-based cryptocurrency exchange CoinDCX confirmed a hacking attack that resulted in a loss of approximately $44 million (nearly Rs 368 crore). The incident targeted an internal operational account used for liquidity operations on a partner exchange.

 

The affected account, the company clarified, did not hold any customer assets.

 

Sumit Gupta, co-founder of CoinDCX, described the breach as "sophisticated", revealing that hackers had exploited a server vulnerability. He further stated that the financial loss would be absorbed through the company’s treasury reserves, which are “sufficiently healthy” to cover the damage.

 

The CoinDCX attack comes amid a broader wave of crypto hacks globally, once again raising questions about the actual security of blockchain-based platforms. While blockchains themselves are designed to be secure, the surrounding infrastructure — including wallets, bridges, exchanges, and operational accounts — continues to face vulnerabilities.

 

According to blockchain analysis firm Chainalysis, over $1.7 billion in cryptocurrency was stolen in 2023, following a record $3.8 billion in 2022.

 

Which were the largest crypto hacks? 

The biggest theft in the sector’s history remains the $625 million hack of the Ronin Network in March 2022. This breach targeted the Axie Infinity blockchain game, with hackers — later linked to North Korea’s Lazarus Group — making off with Ether and stablecoins. Only a small portion of the stolen funds was recovered.

 

Following closely is the Poly Network hack of August 2021, where over $611 million was stolen. In a rare twist, the anonymous hacker returned most of the funds, claiming the act was carried out “for fun.”

 

The Binance BNB Bridge suffered a $569 million breach in October 2022 due to a flaw in its smart contract, while Japan’s Coincheck exchange lost $532 million in 2018 through vulnerabilities in its hot wallets.

 

In November 2022, FTX, once a major player in the crypto world, lost over $477 million on the same day it filed for bankruptcy. The company confirmed the hack on its Telegram channel, even warning users to delete its apps.

 

Why are cross-chain bridges and DeFi platforms popular targets? 

A common pattern across recent breaches is the targeting of cross-chain bridges — platforms that allow cryptocurrencies to be transferred between different blockchains. The Wormhole attack in February 2022 resulted in a $325 million theft, while Nomad Bridge lost $190 million shortly after.

 

In March 2023, Euler Finance, a DeFi lending platform, suffered a $197 million flash loan attack. Surprisingly, the attacker later returned much of the stolen funds, citing safety concerns.

 

In May 2024, Japan’s DMM Bitcoin exchange reported a $305 million theft, with Lazarus Group again suspected. Bybit, a major global exchange, disclosed a $1.5 billion breach in February, marking one of the largest losses to date.

 

In July last year, India’s WazirX suffered a $230 million theft — one of the biggest cyberattacks on an Indian exchange. Many of the affected 15 million investors reportedly faced severe financial hardship.

 

Meanwhile, Iran’s largest exchange, Nobitex, lost $90 million amid geopolitical tensions. The stolen funds carried messages allegedly criticising Iran’s Revolutionary Guard.

 

How do hackers launder stolen crypto? 

Tracking stolen crypto assets remains a key challenge. In the WazirX case, Netherlands-based Crystal Intelligence revealed that most of the stolen funds were laundered via TornadoCash, an open-source platform known for anonymising transactions. Only around $6 million remains traceable.

 

Are blockchain projects truly secure? 

Despite claims of blockchain being ‘ultra-secure’, repeated cyberattacks suggest otherwise. In 2024, around $2.2 billion worth of cryptocurrencies were stolen. This followed losses of $1.7 billion in 2023 and $3.8 billion in 2022, according to blockchain analysis firm Chainalysis. The figures continue to expose vulnerabilities across exchanges, cross-chain bridges, and decentralised finance (DeFi) platforms. The trend continued into 2024, with fresh breaches reported globally.

 

Even established exchanges like Coinbase have not been immune. In May this year, it estimated losses between $180 million and $400 million following a cyberattack that exploited insider leaks. The company confirmed that multiple contractors and employees working outside the US were paid by hackers to gather internal data.

 

State-sponsored actors, especially North Korea’s Lazarus Group, continue to dominate the crypto hacking space. The group has been linked to major breaches, including Ronin, DM Bitcoin, and Bybit.

 

Is crypto security a myth? 

Experts suggest that while blockchain technology itself may offer robust security features, the infrastructure surrounding it — including bridges, exchanges, and DeFi platforms — has repeatedly proven vulnerable. With evolving tactics such as flash loan attacks, insider threats and state-backed cyber warfare, the future is shaping up to be grim for cryptocurrency security.