CoinDCX CEO Sumit Gupta Criticizes WazirX and Phemex for Their Lack of Transparency Regarding Recent Security Breaches

input: Sumit Gupta, CEO of CoinDCX, has criticized two major exchanges, WazirX and Phemex for their lack of transparency regarding recent security breeches.

Sumit Gupta, the CEO of CoinDCX, has expressed his view on X about two major exchanges, WazirX and Phemex, lacking transparency regarding recent security breaches. In his opinion, this lack of transparency has had a huge impact on the crypto community with two exchanges having to deal with⁷ huge sums stolen.

Gupta feels that if both exchanges had disclosed their breaches like Bybit, the Safe vulnerability could have been caught earlier, potentially preventing Bybit’s hack.

Unpopular Opinion: If WazirX and Phemex had disclosed all of their security breach details openly and transparently as Bybit did, the Safe{wallet} infra vulnerability could have been caught, and the Bybit hack could have been prevented. @benbybitOne thing common in these 3…— Sumit Gupta (CoinDCX) (@smtgpt) February 26, 2025

Bybit recently suffered a $1.4 billion security breach where hackers exploited Gnosis Safe multisig wallet vulnerabilities using delegatecall to modify transactions and steal cash.

Bybit disclosed the attack specifics enabling other platforms to strengthen their security. Meanwhile, Safe (formerly Gnosis Safe) acknowledged the issue, began an investigation, and is working on security enhancements while urging users to follow best practices.

In July 2024, WazirX encountered a vulnerability amounting to $230 million when hackers exploited flaws in its Gnosis Safe multisig wallet for illegal payment transfers.

In April 2024, Phemex was hacked leading to losses of over $100 million. The assault followed a similar pattern with hackers using rogue smart contracts to alter transactions and steal cash.

Gupta observed that the three incidents in this hack had a common factor being the involvement of Gnosis Safe multisig wallets. Hackers exploited delegatecall vulnerabilities in these wallets to modify contract storage and steal funds.

He explained, “The attack deployed malicious smart contracts in advance to do a masked upgrade, containing hidden backdoors and the ability to manipulate contract storage and steal funds by executing unauthorized transfers by setting the ‘operation’ field to 1 (delegatecall) instead of 0 (call).”

CoinDCX has implemented strong security measures to prevent such attacks as assured by Gupta. The exchange does not use Gnosis Safe wallets, reducing the risk of similar exploits.

Additionally, CoinDCX does not use smart contracts for fund transfers, which helps avoid risks like proxy attacks and delegatecall exploits. All transactions require manual approval to enhance security and prevent unauthorized fund movements.

Lastly, Gupta emphasized, “Hackers are getting quite active these days! We and our security team are always on our toes when it comes to security. Stay safe!”