Coinbase in talks to acquire CoinDCX: Report
US-based crypto giant Coinbase is reportedly in advanced talks to acquire one of India’s top digital asset exchanges, CoinDCX. The negotiations come shortly after CoinDCX’s recent $44 million security breach, an incident that has significantly dented the company’s market value and reputation.
According to media reports, the deal, if finalised, would value CoinDCX at under $1 billion, a steep fall from its $2.2 billion valuation in 2021. While Coinbase has yet to confirm the acquisition, the talks reflect a broader strategy by the US firm to deepen its roots in the high potential but still volatile Indian crypto market.
Coinbase holds equity in CoinDCX and rival platform CoinSwitch
Coinbase is no stranger to India’s crypto scene. It already holds equity in both CoinDCX and rival platform CoinSwitch, positioning itself as a silent player in the subcontinent’s fast-evolving crypto market. One source described the potential acquisition as “a low-cost gamble with high upside” if the Indian crypto ecosystem eventually stabilises and scales.
In March 2025, Coinbase registered with India’s Financial Intelligence Unit (FIU)—a key step in launching its retail trading operations. “India represents one of the most exciting market opportunities in the world today,” said John O’Loghlen, Managing Director for Coinbase Asia-Pacific.
Details of the CoinDCX breach
On 19 July, CoinDCX, disclosed it has suffered a significant security breach which led to a loss of approximately ₹378 crore ($44 million). The incident was attributed to a “sophisticated server breach” that enabled unauthorised access to internal funds, sparking concerns regarding cybersecurity standards within India’s crypto sector.
The breach involved an internal operational wallet used by CoinDCX for liquidity provisioning on a partner exchange. Although user wallets were not directly affected, the incident has exposed vulnerabilities in internal server security. The attackers transferred the stolen assets via Solana-Ethereum blockchain bridges to obscure the transaction trail. The stolen funds included 4,443 ETH, which is around $15.7 million, and 155,830 SOL, tranlating to about $27.6 million, which currently remain inactive. Blockchain investigator ZachXBT was the first to detect and publicly report the suspicious activity. His findings prompted CoinDCX to investigate and subsequently confirm the breach.
CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal addressed the incident on social media platform X. In the social media post, they confirmed that customer wallets were not impacted. They assured users that the company would cover the ₹378 crore loss using its treasury reserves. Despite the intrusion, CoinDCX’s trading platform remained fully operational.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
Although customer assets were stored in custodial wallets not linked to the compromised internal wallet, the breach triggered a surge in withdrawal requests. The surge in such requests temporarily overwhelmed the system. The Portfolio APIs crashed, preventing users from accessing their balance information and causing concern. The issue was resolved shortly thereafter.
Sumit Gupta stated, “Today, one of our internal operational accounts—used solely for liquidity provisioning on a partner exchange—was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and remain completely secure. This incident will not result in any loss to our customers. CoinDCX will bear the full amount.”
He added, “I want to thank everyone who reached out with support and sought clarity in the spirit of trust and transparency. At CoinDCX, our foremost responsibility is to our users and the security of their assets. While this breach was limited to one internal operational account—and no customer funds were impacted—we take this incident with the utmost seriousness.”
