
Sumit Gupta, CEO of CoinDCX, has strongly criticized WazirX and Phemex for their failure to disclose recent crypto security breaches in a timely manner. Gupta accused both exchanges of prioritizing their reputation over user security, which, he claims, has resulted in massive financial losses for the crypto community.
Taking to X (formerly Twitter), Gupta emphasized that if WazirX and Phemex had been transparent about their breaches—similar to Bybit—the Gnosis Safe vulnerability could have been detected earlier. This, he suggested, might have helped prevent the Bybit hack, which resulted in a loss of $1.4 billion.
The Bybit Hack: A Lesson in Transparency
Bybit’s massive security breach was caused by Gnosis Safe multisig wallet vulnerabilities, where attackers exploited delegatecall to modify transactions and siphon funds. However, unlike WazirX and Phemex, Bybit publicly disclosed the attack, enabling other crypto exchanges to strengthen their security.
Following the hack, Safe (formerly Gnosis Safe) acknowledged the exploit and launched an investigation to improve security measures. The company also urged users to adopt best practices to safeguard their assets.
WazirX and Phemex Under Fire for Hiding Breaches
While Bybit took immediate action, WazirX and Phemex allegedly remained silent, exposing their users to further risks.
- WazirX Hack: In July 2024, WazirX suffered a $230 million breach after hackers exploited weaknesses in its Gnosis Safe multisig wallet, facilitating unauthorized transfers.
- Phemex Hack: In April 2024, Phemex lost over $100 million in a smart contract exploit where cybercriminals manipulated transactions using rogue contracts.
Gnosis Safe Multisig Wallets: A Common Security Weakness?
Gupta highlighted that all three incidents share a common vulnerability—Gnosis Safe multisig wallets. Hackers used delegatecall exploits to manipulate contract storage and execute unauthorized transfers.
Explaining the attack method, Gupta stated:
“The attackers deployed malicious smart contracts in advance to conduct a masked upgrade containing hidden backdoors. This allowed them to manipulate contract storage and steal funds by setting the ‘operation’ field to 1 (delegatecall) instead of 0 (call).”
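The operation field Gupta describes can be checked before a multisig transaction is signed. The following is an added example, not code from the article, CoinDCX or Safe: it decodes calldata for Safe's execTransaction function (selector 0x6a761202, with operation as the fourth argument) and blocks any delegatecall whose target is not on an allowlist. The allowlist policy, function names and sample addresses are constructed for illustration.

```python
# Added example (not from the article): policy check on Safe execTransaction calldata.
EXEC_TX_SELECTOR = bytes.fromhex("6a761202")  # Safe execTransaction(...) selector
CALL, DELEGATECALL = 0, 1
WORD = 32

def decode_exec_transaction(calldata: bytes) -> dict:
    """Read the fixed-position fields to, value and operation from the ABI head."""
    if calldata[:4] != EXEC_TX_SELECTOR:
        raise ValueError("not a Safe execTransaction call")
    head = calldata[4:]
    if len(head) < 10 * WORD:  # execTransaction has 10 head words
        raise ValueError("calldata shorter than the execTransaction head")
    words = [head[i * WORD:(i + 1) * WORD] for i in range(10)]
    if any(words[0][:12]):
        raise ValueError("non-zero padding in 'to' address")
    return {
        "to": "0x" + words[0][12:].hex(),
        "value": int.from_bytes(words[1], "big"),
        "operation": int.from_bytes(words[3], "big"),  # uint8: 0 = call, 1 = delegatecall
    }

def review(calldata: bytes, delegatecall_allowlist: set) -> tuple:
    """Return (verdict, reason) for a transaction awaiting signatures."""
    tx = decode_exec_transaction(calldata)
    if tx["operation"] == CALL:
        return ("allow", "plain call to " + tx["to"])
    if tx["operation"] == DELEGATECALL:
        if tx["to"] in delegatecall_allowlist:
            return ("allow", "delegatecall to allowlisted " + tx["to"])
        return ("block", "delegatecall to unreviewed contract " + tx["to"])
    return ("block", "invalid operation value %d" % tx["operation"])

def build_sample(to_hex: str, operation: int) -> bytes:
    """Constructed sample calldata: empty inner data and empty signatures."""
    word = lambda n: n.to_bytes(WORD, "big")
    head = [word(int(to_hex, 16)), word(0), word(10 * WORD), word(operation),
            word(0), word(0), word(0), word(0), word(0), word(11 * WORD)]
    return EXEC_TX_SELECTOR + b"".join(head) + word(0) + word(0)

KNOWN_LIB = "0x" + "aa" * 20    # constructed address standing in for a vetted library
UNKNOWN = "0x" + "bb" * 20      # constructed address of an unreviewed contract

if __name__ == "__main__":
    for target, op in [(KNOWN_LIB, CALL), (KNOWN_LIB, DELEGATECALL), (UNKNOWN, DELEGATECALL)]:
        print(review(build_sample(target, op), {KNOWN_LIB}))
```

A check like this only helps if it runs on the raw calldata each signer is about to approve, independently of the interface that displays the transaction.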
How CoinDCX Mitigates Security Risks
Unlike WazirX and Phemex, CoinDCX has implemented robust security protocols to prevent similar exploits. Gupta reassured users that:
- No Gnosis Safe Wallets: CoinDCX does not use Gnosis Safe, reducing exposure to multisig wallet vulnerabilities.
- No Smart Contracts for Fund Transfers: Fund transfers do not go through smart contracts, which avoids proxy contract risks and eliminates potential delegatecall exploits.
- Manual Approval for Transactions: All fund transfers require human verification, ensuring enhanced security against unauthorized withdrawals.
Gupta concluded by urging users to stay cautious:
“Hackers are becoming increasingly sophisticated. At CoinDCX, our security team is constantly monitoring threats to protect our users. Stay vigilant and stay safe!”
Final Thoughts
Gupta’s revelations serve as a wake-up call for the crypto industry. Transparency and proactive security measures are essential to protecting user funds. While Bybit’s swift disclosure helped prevent further damage, WazirX and Phemex’s silence could have put the entire crypto ecosystem at risk.
As the threat of crypto hacks grows, investors and traders must prioritize security and choose trustworthy exchanges that uphold transparency and safety.