Indian cryptocurrency exchange CoinDCX has confirmed a security breach that led to a loss of approximately $44.2 million. The incident, which occurred on July 19, 2025, targeted a company-owned account used for liquidity provisioning, not user wallets.
A Sophisticated Breach with Serious Impact
The attack exploited a vulnerability in CoinDCX’s internal infrastructure. Hackers gained access to an operational hot wallet and swiftly moved the funds through Tornado Cash. According to blockchain analyst ZachXBT, the attackers transferred assets from Solana to Ethereum to further obscure their tracks.
Although this incident involved a significant sum, CoinDCX clarified that only treasury assets were affected. Customer funds remained untouched, as they are stored in cold wallets isolated from online threats.
How CoinDCX Responded and What’s Next
The exchange acted quickly to contain the situation:
- Temporarily paused Web3 trading while keeping centralized trading and INR operations live.
- Managed a spike in user activity that briefly slowed portfolio APIs.
- Notified India’s Computer Emergency Response Team (CERT-In) and filed a formal incident report.
- Engaged two leading cybersecurity firms to conduct a forensic investigation and trace the stolen funds.
Company co-founders Sumit Gupta and Neeraj Khandelwal publicly reassured users. Gupta urged investors not to panic, while Khandelwal emphasized that user assets and withdrawals remained secure.
Industry Fallout and Future Security Plans
This breach marks India’s second major crypto hack in a year, following the $235 million loss reported by WazirX in July 2024. With over $2.2 billion lost globally to crypto hacks last year, this event reignites concerns over hot wallet security and exchange infrastructure.
In response, CoinDCX is launching several initiatives:
- A bug bounty program to attract ethical hackers for security testing.
- Collaboration with blockchain forensics teams and exchange partners to freeze and recover funds.
- Strengthened cybersecurity protocols to better defend against future attacks.
While the scale of the breach is significant, CoinDCX’s decision to fully absorb the loss and maintain transparent communication has earned it some industry respect. Still, the incident has sparked renewed calls for tighter crypto security regulations across India.
