CoinDCX suffers $44M crypto hack in major security breach

CoinDCX, one of India’s largest cryptocurrency exchanges, has suffered a significant security breach resulting in the loss of approximately ₹378 crore ($44 million). The company attributed the incident to a “sophisticated server breach” that enabled unauthorised access to internal funds. The breach has sparked concerns regarding cybersecurity standards within India’s crypto sector.

Details of the CoinDCX breach

The breach involved an internal operational wallet used by CoinDCX for liquidity provisioning on a partner exchange. While user wallets were not directly affected, the incident exposed vulnerabilities in internal server security. The attackers transferred the stolen assets via Solana-Ethereum blockchain bridges to obscure the transaction trail. The stolen funds included approximately 4,443 ETH (around $15.7 million) and 155,830 SOL (around $27.6 million), which currently remain inactive.

Blockchain investigator ZachXBT was the first to detect and publicly report the suspicious activity. His findings prompted CoinDCX to investigate and subsequently confirm the breach.

CoinDCX’s response

Following the breach, CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal addressed the incident on social media platform X, confirming that customer wallets were not impacted. They assured users that the company would cover the ₹378 crore loss using its treasury reserves. Despite the intrusion, CoinDCX’s trading platform remained fully operational.

Although customer assets were stored in custodial wallets not linked to the compromised internal wallet, the breach triggered a surge in withdrawal requests, temporarily overwhelming the system. The Portfolio APIs crashed, preventing users from accessing their balance information and causing concern. The issue was resolved shortly thereafter.

Sumit Gupta stated, “Today, one of our internal operational accounts—used solely for liquidity provisioning on a partner exchange—was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and remain completely secure. This incident will not result in any loss to our customers. CoinDCX will bear the full amount.”

He added, “I want to thank everyone who reached out with support and sought clarity in the spirit of trust and transparency. At CoinDCX, our foremost responsibility is to our users and the security of their assets. While this breach was limited to one internal operational account—and no customer funds were impacted—we take this incident with the utmost seriousness.”

Hi everyone,

At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.

Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ

— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025

Co-founder, Neeraj Khandelwal posted, “The total amount lost was ₹378 crore ($44 million) out of our treasury assets. CoinDCX Treasury will be bearing these losses.”

Recovery and investigation efforts

CoinDCX has launched a recovery bounty programme, offering up to 25% of the stolen funds—capped at $11 million—to individuals who assist in recovering assets or identifying those responsible. The exchange is collaborating with global cybersecurity firms including Sygnia, zeroShadow, and Seal911.

Additional support is being provided by the Solana Foundation, Superteam, Wormhole, and deBridge. CoinDCX has reported the incident to India’s Computer Emergency Response Team (CERT-In) and is undergoing a forensic investigation to trace the breach.

Comparison with WazirX hack

This breach follows a similar incident at WazirX in 2024, where a wallet compromise resulted in a loss of ₹1,965 crore. Unlike WazirX, which had to halt withdrawals and faced significant disruption, CoinDCX maintained platform functionality and absorbed the financial loss internally. These incidents highlight persistent vulnerabilities in operational wallets used by Indian cryptocurrency exchanges.

Broader implications for Indian crypto

The breach underscores the growing cybersecurity threats in both decentralised (DeFi) and centralised (CeFi) finance. Attackers are increasingly targeting internal infrastructure, such as liquidity wallets and blockchain bridges. The incident has intensified calls for regulatory oversight. Industry experts are advocating for the implementation of centralised reporting systems, insurance mechanisms, and mandatory breach disclosures. While decentralisation remains a core principle of cryptocurrency, trust and transparency continue to be critical for maintaining user confidence—especially during security incidents.