Indian Crypto Exchange CoinDCX Loses $44 Million in Security Breach

CoinDCX, India’s largest cryptocurrency exchange, lost $44.2 million after hackers broke into one of its internal wallets on Friday. The attack targeted a wallet used for trading with partner exchanges, not customer accounts.

The hack came exactly one year after another major Indian crypto exchange, WazirX, lost $235 million to hackers. This timing raises new questions about security at Indian crypto platforms.

How the Attack Happened

Blockchain detective ZachXBT first spotted the hack and accused the CoinDCX team of waiting 17 hours before disclosing. The investigator found that hackers started with just 1 Ethereum coin from Tornado Cash, a service that hides where crypto comes from. They then moved stolen funds between different blockchains, including Solana and Ethereum.

CoinDCX CEO Sumit Gupta confirmed the attack within 10 minutes of ZachXBT’s public announcement. Gupta blamed a “server breach” that let hackers access an internal account used only for providing liquidity to partner exchanges.

The hackers moved money through multiple wallets across different blockchains, making it hard to track. Security firm Cyvers first detected the suspicious withdrawals from CoinDCX’s hot wallet.

Company Response and User Protection

CoinDCX acted quickly to contain the damage. The exchange isolated the affected account and froze related internal systems. CEO Gupta stressed that customer funds stayed safe because the company keeps operational accounts separate from user wallets.

“The incident was quickly contained by isolating the affected operational account,” Gupta said in a public statement. “Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us, from our own treasury reserves.”

The exchange kept all trading and rupee withdrawals running normally. However, CoinDCX temporarily shut down its Web3 feature as a safety measure.

CoinDCX is working with security experts and crypto forensics agencies to recover the stolen funds. The company also plans to launch a bug bounty program to find and fix security holes.

CoinDCX’s Position in Indian Crypto Market

Founded in 2018, CoinDCX serves over 13 million users and holds the title of India’s most valuable crypto company. The exchange reached a $2.15 billion valuation in 2022 after raising $135 million from investors including Pantera Capital and Coinbase Ventures.

The company became India’s first crypto unicorn in 2021. As of June 2025, CoinDCX reported holding $584.2 million in total assets across nearly 20 million registered users.

CoinDCX has positioned itself as a security-focused platform. The exchange maintains monthly transparency reports and operates a $7 million fund designed to compensate users if a security breach affects customer accounts.

Rising Crypto Security Threats in 2025

The CoinDCX hack adds to a troubling year for crypto security. CertiK’s latest report shows that hackers stole $2.47 billion in the first half of 2025, already beating all of 2024’s losses.

Two massive hacks drove most of these losses: the Bybit exchange lost $1.5 billion in February, and Cetus Protocol lost $225 million in May. These two incidents alone account for $1.78 billion of the total.

Cyvers CTO Meir Dolev pointed out that centralized exchanges remain prime targets. “In Q2 2024 alone, over 65% of losses in Web3 originated from CEX-related incidents, with nearly $500 million lost due to wallet access breaches,” Dolev said.

The security firm noted that hackers increasingly use sophisticated methods to access exchange wallets. Cross-chain attacks, where criminals move money between different blockchains, make tracking stolen funds much harder.

What This Means for Indian Crypto Users

The CoinDCX hack highlights ongoing security challenges at Indian crypto exchanges. Last year’s WazirX hack, attributed to North Korean hackers, forced that exchange to stop operations. A Singapore court recently rejected WazirX’s restructuring plan.

Before the WazirX incident, CoinDCX CEO Gupta had expressed confidence that his exchange’s security measures would prevent similar attacks. The company pointed to its multi-layered security framework and fund segregation as key protections.

CoinDCX acquired Dubai-based platform BitOasis in July 2024, setting up international expansion plans. The hack may slow these growth efforts as the company focuses on strengthening security.

The $44 million loss represents about 7.5% of CoinDCX’s total holdings. While significant, this amount shouldn’t threaten the exchange’s operations since customer funds remained untouched.

Conclusion

The CoinDCX hack shows that even well-funded exchanges with strong security claims remain vulnerable to sophisticated attacks. While the exchange protected customer funds and responded quickly, the incident raises questions about operational security at Indian crypto platforms. As the crypto industry faces record-breaking security losses in 2025, exchanges must strengthen their defenses against increasingly complex threats.