Crypto Platform CoinDCX Loses $44 Million in Cyberattack
The Indian crypto exchange said client funds remain safe after a coordinated theft targeted its internal liquidity account, calling the incident a wake-up call for the industry
News
- Indian IT Recasts Talent Strategy as AI Reshapes Operations
- TCS to Shed 12,000 Jobs This Fiscal, Says AI Isn't the Reason
- CoverSure Partners with Jupiter to Bring AI-Powered Insurance Clarity
- OpenAI's GPT-5 Is Coming, But AGI May Have to Wait
- Google AI Cracks Gold at Maths Olympiad with Gemini Deep Think
- OpenAI Chief Sees Fraud Crisis Brewing as AI Clones Identities
CoinDCX, one of India’s largest cryptocurrency exchanges, said a security breach last week led to the theft of about ₹368 crore ($44 million) from one of its internal operational accounts, a rare disclosure in an industry often criticized for its opacity.
The exchange said the incident, which took place on 19 July, targeted an account linked to its liquidity operations and did not compromise customer wallets. In a statement, CoinDCX pledged to fully absorb the losses from its corporate reserves, adding that client funds remain secure in segregated cold wallets.
The breach was first flagged by blockchain researcher ZachXBT, who reported large transfers of 4,443 ether and 155,830 solana tokens moving through privacy mixers and cross-chain bridges in what appeared to be a coordinated theft.
CoinDCX later confirmed the attack in a public statement, calling it a “contained incident” that was isolated from its core customer operations.
Chief Executive Sumit Gupta said the company acted swiftly to isolate the compromised account and bolster monitoring systems.
Although the breach briefly strained some backend services, including its Web3 operations and portfolio interfaces, CoinDCX said trading, fiat deposits and withdrawals continued without significant disruption.
The company has launched a forensic investigation in partnership with two global cybersecurity firms and India’s Computer Emergency Response Team (CERT-IN).
Gupta described the breach as “a wake-up call” for India’s digital asset industry, warning that the increasing sophistication of attacks demands higher standards across the sector.
CoinDCX also plans to launch a bug bounty program to incentivize ethical hackers to identify vulnerabilities before they can be exploited.
The attack adds to a growing list of security incidents targeting Indian exchanges, following a $230 million breach at rival WazirX in 2024.
According to blockchain analytics firms, global crypto exchanges lost more than $2.2 billion to hacks and exploits last year, underscoring the risks facing an industry that has grown faster than its regulatory and security frameworks.
Analysts called CoinDCX’s decision to immediately assume responsibility for the losses a positive step in an industry where customer protection often lags. By contrast, WazirX faced backlash for a protracted and disputed response to its own breach.
Co-founder Neeraj Khandelwal said CoinDCX’s internal governance and fund segregation practices helped contain the damage.
He added that the company would strengthen internal controls, improve employee awareness of advanced threats and develop detailed response plans for future incidents.
The breach comes at a sensitive time for India’s crypto sector, which remains in regulatory limbo amid government deliberations over licensing requirements and security standards.
With an estimated 15 million users and a sizable share of India’s crypto market, CoinDCX now faces heightened scrutiny from regulators and investors.
Gupta said the company remains committed to reinforcing its infrastructure, restoring full normalcy and cooperating with authorities to recover the stolen funds.
