Crypto exchanges CoinDCX and BigONE lost a combined $71 million in separate incidents last week, both originating from what appear to be infrastructure-level failures that allowed attackers to access hot wallets.
According to blockchain security firm Blockaid, neither case involved smart contract exploits. Instead, attackers seem to have bypassed controls at the wallet level due to assumptions that internal systems and signers were inherently secure.
“Control handed to attackers because the infrastructure assumed the signer was inherently safe,” the firm wrote in an X thread.
CoinDCX, based in India, reportedly lost $44 million from an operational liquidity wallet after attackers gained access to backend infrastructure.
Meanwhile, BigONE, registered in the Seychelles, lost roughly $27 million in what it described as a supply chain attack. The incident appears to have involved the manipulation of backend server logic, which may have enabled unauthorized withdrawals without compromising private keys.
MPC Alone Is Not Enough
Blockaid argues that security frameworks relying solely on multisignature or multi-party computation — also known as MPC — setups are insufficient. The firm called on exchanges to adopt additional measures such as transaction simulation, policy enforcement, and intent verification during the signing process.
In a commentary for The Defiant, Shahar Madar, vice president of security and trust products at Fireblocks, a blockchain infrastructure provider known for its institutional-grade MPC solutions, said the incidents illustrate how infrastructure-level attacks can circumvent isolated security layers. He noted that while MPC is “critical for strong key management, it is only one layer of defense.”
“The attacks we have seen exploit weaknesses across the entire stack,” Madar said, adding that the only way to stop them is with a “fully integrated architecture.”
He pointed to the importance of combining MPC with secure infrastructure — such as hardware-based enclaves — and policy engines that enforce transaction approvals, wallet segregation, and real-time spending limits. According to Madar, when these layers are properly implemented, they can prevent the kind of unauthorized access seen in the CoinDCX and BigONE exploits.
Blockaid says the latest breaches reflect a broader pattern of exchange-level incidents stemming from infrastructure compromise rather than on-chain vulnerabilities. The firm cited Q2 2024 data indicating that more than 65% of crypto-related losses — totaling around $500 million — were tied to centralized exchange infrastructure.
