CoinDCX, India’s largest cryptocurrency exchange, confirmed a major security breach that resulted in the theft of about $44.2 million in digital assets, according to a report by TechCrunch. The attack, which occurred on July 19, targeted an internal operational account used for liquidity provisioning on a partner exchange.
The Mumbai-based exchange assured users that customer funds remain secure, and the company will absorb the losses from its treasury reserves. This incident marks the second significant hack of an Indian crypto exchange within a year, raising concerns about the security of digital assets in the region.
The cyberattack was first flagged by blockchain investigator ZachXBT, who reported suspicious activity on July 19, nearly 17 hours before CoinDCX’s public acknowledgement.
According to ZachXBT, the attacker’s wallet was funded with 1 Ethereum (ETH) via Tornado Cash, a crypto mixer used to obscure transaction origins. The stolen funds, totalling $44.2 million, were bridged from Solana to Ethereum, with assets consolidated into 4,443 ETH and 155,830 SOL, currently dormant in known addresses.
CoinDCX confirmed these details to TechCrunch, noting the sophisticated nature of the server breach that enabled the exploit.
CoinDCX’s co-founder and CEO, Sumit Gupta, addressed the incident in a post on X, stating, “The incident was quickly contained by isolating the affected operational account.”
He emphasised that customer wallets, stored in secure cold storage, were unaffected. “Our operational accounts are segregated from customer wallets, limiting the exposure to this specific account,” Gupta added.
The exchange has restored normal operations, including INR deposits, withdrawals, and centralised trading, though its Web3 services were temporarily paused as a precaution.
CoinDCX response and recovery efforts
CoinDCX is collaborating with India’s Computer Emergency Response Team (CERT-In), partner exchanges, and global cybersecurity experts to investigate the breach and trace the stolen funds.
The company announced plans to launch a recovery bounty programme, offering up to 25% of recovered assets to individuals or teams who assist in retrieving the funds or identifying the perpetrators.
“This is about rallying our ecosystem against cybercrime,” CoinDCX stated in a blog post. The exchange’s swift response and commitment to covering losses have been praised, though some users criticised the 17-hour delay in public disclosure.
Neeraj Khandelwal, CoinDCX’s co-founder, addressed the delay on X, explaining that the priority was securing assets before making a public statement.
“Our first and foremost objective has been to secure assets,” Khandelwal wrote, confirming the loss amounted to roughly $44 million from treasury reserves.
The company’s financial resilience, bolstered by a $2.3 billion valuation and $584.2 million in total assets as of June 2025, allows it to absorb the loss without impacting users.
The CoinDCX hack follows a similar incident at WazirX, another Indian crypto exchange, which lost $234 million in July 2024 due to a multisignature wallet exploit linked to North Korea’s Lazarus Group.
The recurrence of high-profile breaches in India’s crypto sector underscores ongoing vulnerabilities in centralised exchanges. According to CertiK’s latest report, hackers stole $2.47 billion globally in the first half of 2025, surpassing 2024’s total losses. Centralised exchanges accounted for over 65% of Q2 2024 losses, with wallet access breaches costing nearly $500 million.
Cyvers Alerts, a blockchain threat intelligence firm, initially detected the suspicious withdrawals from CoinDCX’s hot wallet. The attack’s use of cross-chain bridges to move funds between Solana and Ethereum highlights the increasing sophistication of cybercriminals targeting crypto platforms.
“Centralised exchanges remain prime targets due to the high value and liquidity of digital assets,” said Meir Dolev, CTO of Cyvers.
Founded in 2018, CoinDCX has grown into India’s leading crypto exchange, serving over 16 million users and offering access to more than 500 crypto assets. The company became India’s first crypto unicorn in 2021, raising $90 million at a $1.1 billion valuation, followed by a $135 million round in 2022, pushing its valuation to $2.15 billion.
Backed by investors like B Capital, Coinbase Ventures, and Polychain Capital, CoinDCX has positioned itself as a security-focused platform, maintaining monthly transparency reports and a $7 million compensation fund for potential user losses.
However, the breach raises questions about operational security at Indian crypto exchanges, especially as the sector operates without a comprehensive regulatory framework. The CoinDCX incident could intensify scrutiny from Indian regulators, who have expressed concerns about crypto security and oversight.
CoinDCX’s response, including its bounty programme and collaboration with cybersecurity experts, aims to mitigate the damage and prevent future breaches.
The exchange plans to implement advanced multi-signature authentication and transition more assets to cold wallets to enhance security. Meanwhile, the incident has reignited discussions about self-custody wallets, which allow users to hold private keys directly, reducing reliance on centralised platforms.
Technext Newsletter
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!
