On July 19, 2025, CoinDCX, India’s second-largest cryptocurrency exchange, experienced a sophisticated cyberattack resulting in the theft of approximately $44.2 million from its operational funds. The company has assured its users that customer assets remain unaffected and that the losses will be fully covered by CoinDCX’s treasury reserves.
Details of the Breach
The breach targeted an internal operational account used exclusively for liquidity provisioning on a partner exchange. Co-founder and CEO Sumit Gupta explained that the attackers exploited a server-side vulnerability to gain unauthorized access to the platform’s infrastructure. The stolen funds, primarily in stablecoins such as USDC and USDT, were transferred from the Solana blockchain to Ethereum. The attackers utilized Tornado Cash, a cryptocurrency mixing service, to obfuscate the transaction trail, complicating efforts to trace and recover the assets.
Immediate Response and User Assurance
Upon detecting the breach, CoinDCX promptly isolated the compromised account and temporarily suspended its Web3 services to prevent further unauthorized access. The company emphasized that customer funds are stored in secure cold wallets and were not impacted by the incident. Gupta stated, “User funds are stored in secure cold wallets and remain unaffected.” The exchange’s centralized trading platform, along with INR deposits and withdrawals, continued to operate normally during this period.
Investigation and Security Enhancements
CoinDCX’s internal security team is collaborating with external cybersecurity experts to investigate the breach, identify vulnerabilities, and trace the stolen funds. The company is also working with partner exchanges to freeze any illicit transfers. To bolster its defenses, CoinDCX plans to launch a bug bounty program, encouraging ethical hackers to identify and report potential security flaws. Gupta emphasized the company’s commitment to learning from the incident and strengthening the platform’s security measures.
User Impact and Platform Stability
The breach led to a surge in user activity, with many seeking updates and assurances regarding their funds. This increased traffic temporarily strained CoinDCX’s servers, particularly affecting portfolio services. In response, the company expanded its server capacity to accommodate the heightened demand. Gupta reassured users, stating, “We remain 100% committed to honoring every single withdrawal request.” In the 24 hours following the hack, CoinDCX processed 98.09% of the 31,462 INR withdrawal requests received.
Industry Context and Regulatory Implications
This incident occurs nearly a year after a similar breach at WazirX, another Indian cryptocurrency exchange, which resulted in the theft of approximately $230 million. These events underscore the pressing need for enhanced cybersecurity measures within the cryptocurrency industry. While crypto trading is legal in India, the sector lacks a comprehensive regulatory framework. Incidents like these may prompt regulators to expedite the development of policies aimed at safeguarding investors and maintaining market integrity.
Conclusion
The $44.2 million cyberattack on CoinDCX highlights the ongoing security challenges faced by cryptocurrency exchanges. CoinDCX’s swift response and commitment to covering the losses from its own reserves demonstrate a proactive approach to maintaining user trust. As the cryptocurrency landscape continues to evolve, robust security protocols and regulatory oversight will be crucial in ensuring the safety and confidence of investors.