Sumit Gupta, CEO of CoinDCX, has criticized two major exchanges, WazirX and Phemex for their lack of transparency regarding recent security breeches. These exchanges’ attempt to save their image has cost great deal of money to the crypto community.
Gupta said on X that if both exchanges had disclosed their breaches like Bybit, the Safe vulnerability could have been caught earlier, possibly preventing Bybit’s hack.
Bybit recently experienced a $1.4 billion security breach in which hackers exploited Gnosis Safe multisig wallet vulnerabilities, employing delegatecall to modify transactions and steal cash.
Bybit publicly released the attack specifics, allowing other platforms to tighten their security. Meanwhile, Safe (previously Gnosis Safe) recognized the problem, initiated an investigation, and is working on security enhancements while encouraging users to adhere to best practices.
WazirX experienced a $230 million vulnerability in July 2024, when hackers exploited flaws in its Gnosis Safe multisig wallet, allowing illegal payment transfers.
In April 2024, Phemex was hacked, resulting in losses of more than $100 million. The assault followed a similar pattern, with hackers using rogue smart contracts to alter transactions and steal cash.
Gupta has noted that the three incidents in this hack had a common factor which is the involvement of Gnosis Safe multisig wallets. Hackers exploited delegatecall vulnerabilities in these wallets to modify contract storage and steal funds.
He said, “The attack deployed malicious smart contracts in advance to do a masked upgrade, containing hidden backdoors and the ability to manipulate contract storage and steal funds by executing unauthorized transfers by setting the “operation” field to 1 (delegatecall) instead of 0 (call).”
CoinDCX has implemented strong security measures to prevent such attacks as assured by Gupta. The exchange does not use Gnosis Safe wallets, reducing the risk of similar exploits.
Additionally, CoinDCX does not use smart contracts for fund transfers, which helps avoid risks like proxy attacks and delegatecall exploits. All transactions require manual approval to enhance security and prevent unauthorized fund movements.
Lastly, he said, “Hackers are getting quite active these days! We and our security team are always on our toes when it comes to security. Stay safe!”
Also Read: CoinDCX Updates Terms for Indian Users Effective Today
