CoinDCX Faces Major Hack: A Wake-Up Call for Indian Crypto Security
In a big breach, CoinDCX, the biggest cryptocurrency exchange in India, has reportedly lost $44.2 million. This unlucky incident happened when hackers managed to infiltrate one in every of its internal wallets last Friday, specifically targeting a wallet related to trading on partner exchanges, fairly than customer accounts.
This breach comes exactly a 12 months after one other major Indian crypto player, WazirX, suffered an enormous $235 million loss to hackers. The timing is raising eyebrows and sparking fresh concerns in regards to the security protocols at Indian crypto exchanges.
The Intricate Details of the Breach
The hack was first noticed by blockchain investigator ZachXBT, who identified that the CoinDCX team took a full 17 hours to reveal the incident. According to ZachXBT, the hackers began their attack with a single Ethereum coin from Tornado Cash, a service known for obscuring crypto origins. They then cleverly shuffled the stolen funds across various blockchains, including Solana and Ethereum, to cover their tracks.
CoinDCX urges its followers to thank it for its transparency. Source: ZachXBT on X
CoinDCX’s CEO, Sumit Gupta, promptly confirmed the attack inside just 10 minutes of ZachXBT’s alert. Gupta attributed the breach to a “server breach” that allowed hackers to access an internal account used solely for providing liquidity to partner exchanges.
The hackers cleverly maneuvered the funds through several wallets across different blockchains, complicating tracking efforts. Cyvers, a security firm, was the primary to identify the suspicious withdrawals from CoinDCX’s hot wallet.
How CoinDCX Responded
In response, CoinDCX took swift motion to limit the damage. The affected account was isolated, and related internal systems were frozen. Gupta assured that customer funds were never in danger since the exchange maintains a strict separation between operational accounts and user wallets—a basic security measure for any exchange price its salt.
“We quickly contained the incident by isolating the affected operational account,” Gupta stated publicly. “Given our operational accounts are segregated from customer wallets, the exposure is confined to this particular account, and we are fully absorbing the loss from our own treasury reserves.”
Despite the breach, CoinDCX kept all trading and rupee withdrawals running easily. However, the corporate did temporarily disable its Web3 feature.
In a classic case of ‘closing the barn door after the horse has bolted,’ CoinDCX is now collaborating with security experts and crypto forensics teams to retrieve the stolen funds. The company also announced plans to launch a bug bounty program to discover and patch security vulnerabilities.
CoinDCX’s Market Standing
Established in 2018, CoinDCX boasts over 13 million users and holds the excellence of being India’s Most worthy crypto company. The exchange was valued at $2.15 billion in 2022 following a $135 million funding round from investors including Pantera Capital and Coinbase Ventures.
In 2021, CoinDCX became India’s first crypto unicorn. By June 2025, it reported $584.2 million in total assets across nearly 20 million registered users.
Ironically, CoinDCX has all the time projected itself as a security-centric platform, releasing monthly transparency reports and maintaining a $7 million fund to compensate users in case of security breaches affecting customer accounts.
The Rising Tide of Crypto Security Threats in 2025
The CoinDCX incident adds one more entry to a growing list of crypto security challenges this 12 months. According to CertiK’s latest report, hackers have already made off with $2.47 billion in the primary half of 2025, surpassing all of 2024’s losses.
This 12 months’s major losses have been driven by two massive hacks: Bybit exchange lost $1.5 billion in February, and Cetus Protocol was hit for $225 million in May. Together, these hacks account for an astounding $1.78 billion of the entire losses.
Cyvers CTO Meir Dolev highlighted that centralized exchanges are particularly tempting targets. “In Q2 2024 alone, over 65% of losses in Web3 were due to CEX-related incidents, with nearly $500 million lost from wallet access breaches,” Dolev noted.
The security firm emphasized that hackers are increasingly employing sophisticated techniques to breach exchange wallets, with cross-chain attacks making it even tougher to trace stolen funds.
Implications for Indian Crypto Enthusiasts
The CoinDCX hack underscores persistent security issues plaguing Indian crypto exchanges. Last 12 months’s WazirX hack, allegedly orchestrated by North Korean hackers, forced the exchange to halt operations. A Singapore court recently dismissed WazirX’s restructuring proposal.
Prior to the WazirX debacle, CoinDCX CEO Gupta had expressed confidence that his exchange’s security protocols would thwart similar attacks, citing its multi-layered security framework and fund segregation as key safeguards.
CoinDCX’s acquisition of Dubai-based platform BitOasis in July 2024 marked the corporate’s international expansion ambitions. However, the recent breach might slow these plans as the corporate shifts focus to bolster its security measures.
The $44 million loss amounts to about 7.5% of CoinDCX’s total assets. While substantial, it shouldn’t jeopardize the exchange’s operations since customer funds were untouched.
Wrapping Up
The CoinDCX hack serves as a stark reminder that even well-resourced exchanges with robust security claims are vulnerable to advanced cyberattacks. Although the exchange maintains that it successfully protected customer funds and responded swiftly, the incident raises essential questions on operational security at Indian crypto platforms. As the crypto industry faces unprecedented security challenges in 2025, exchanges must urgently enhance their defenses against increasingly sophisticated threats.
Image Credit: bravenewcoin.com
