Crypto Exchange CoinDCX Hacked, $44M in Funds Reportedly Stolen

On July 19, 2025, CoinDCX, one of India’s cryptocurrency exchanges, suffered a significant security breach, resulting in a loss of approximately $44 million.

The incident, which occurred exactly one year after a devastating $235 million hack of rival exchange WazirX, has reignited concerns about the vulnerability of centralized crypto platforms and underscored the critical need for security measures and transparent communication in the crypto industry.

The CoinDCX hack allegedly targeted an internal operational account used solely for liquidity provisioning with a partner exchange.

According to CEO Sumit Gupta, the breach was caused by a “sophisticated server breach,” which allowed hackers to drain $44.2 million from an untagged hot wallet not included in the exchange’s proof-of-reserves disclosures.

Blockchain sleuth ZachXBT first flagged suspicious transactions, noting that the attacker’s address was funded with 1 ETH via Tornado Cash, a cryptocurrency mixer, and later bridged stolen funds from Solana to Ethereum to obscure their trail.

The breach was detected 17 hours before CoinDCX publicly disclosed it, raising initial concerns about the exchange’s responsiveness.

Importantly, Gupta assured users that no customer funds were affected, as the compromised account was separate from customer wallets, which are stored in secure cold wallets.

CoinDCX has committed to absorbing the loss from its treasury reserves, ensuring no financial impact on users.

Trading and Indian Rupee (INR) withdrawals remain fully operational, and the exchange is collaborating with cybersecurity partners and law enforcement to investigate the breach, recover stolen assets, and implement a bug bounty program to prevent future incidents.

This containment and financial backing reflect CoinDCX’s efforts to maintain user trust, but the delayed disclosure has understandably sparked criticism.

The CoinDCX breach somewhat mirrors the WazirX hack of July 18, 2024, which saw $235 million—nearly half of the exchange’s $500 million reserves—stolen from a multisig wallet.

The attack, attributed to North Korea’s Lazarus Group, exploited a vulnerability in the wallet’s smart contract.

Hackers created a fake WazirX account, deposited tokens, and manipulated the contract to gain full control, bypassing the need for multiple signatures.

The breach led WazirX to suspend all trading and withdrawals, and the exchange faced backlash for its controversial “socialized loss” strategy, which proposed locking 45% of user funds to offset losses.

This approach drew sharp criticism from CoinDCX’s Gupta, who called it “utter nonsense” for undermining user trust and damaging India’s crypto ecosystem. But it also seemed at the time that CoinDCX and Gupta had taken advantage of the situation to promote their own business.

WazirX’s handling of the hack, including its opaque communication and failure to distribute assets across multiple wallets, highlighted critical risk management failures.

The exchange filed a police complaint, engaged India’s Computer Emergency Response Team (CERT-In), and pursued legal action in Singapore, but its restructuring plan was rejected by a Singapore court in January 2025.

The fallout left 16 million users without access to their funds, amplifying calls for better security and transparency in the industry.

In response to the WazirX hack, CoinDCX reportedly took proactive steps to bolster its security framework.

In August 2024, it established a ₹50 crore ($6 million) Crypto Investors Protection Fund (CIPF), allocating 2% of its brokerage income to compensate users in case of future breaches.

Following the 2024 WazirX incident, CoinDCX introduced a so-called decentralized custody solution, allowing its 15 million users to control their assets via blockchain wallets outside the exchange’s infrastructure.

This move reduces reliance on vulnerable hot wallets and aligns with growing demand for self-custody options.

After the recent hack, CoinDCX’s commitment to covering losses and collaborating with partners to recover assets indicates a focus on user protection, though its 17-hour disclosure delay underscores the need for faster communication.

The CoinDCX and WazirX hacks highlight the persistent cybersecurity challenges facing crypto exchanges, particularly in India’s growing but loosely regulated market.

Transparency is paramount in maintaining user trust, especially during crises.

CoinDCX’s delayed disclosure, while mitigated by its financial safeguards, contrasts with WazirX’s prolonged opacity, which eroded confidence.

Exchanges must provide timely, clear updates to avoid speculation and panic.

Gupta’s seemingly proactive measures, such as updating CoinDCX’s Terms of Use in February 2025 to formalize Neblio Technologies as its compliant entity, appear to reflect a commitment to regulatory adherence and transparency.

Security remains the backbone of any exchange’s credibility.

Both hacks exposed vulnerabilities in centralized systems—WazirX’s multisig wallet flaw and CoinDCX’s alleged server breach.

Exchanges must adopt multi-layered security frameworks, including air-gapped cold storage, regular audits, and decentralized custody options.

CoinDCX’s CIPF and bug bounty program are steps that appear to be in the right direction, but the industry needs standardized protocols, as advocated during India’s G20 presidency.

Regulatory clarity, as suggested by Fireblocks’ Joanna Cheng, could enforce accountability and elevate security standards.

The successive hacks have cast a shadow over India’s crypto industry, which has thrived to some extent despite a lack of regulatory clarity.

With losses totaling $2.5 billion globally in the first half of 2025, exchanges face pressure to prioritize cybersecurity and user protection.

CoinDCX’s decentralized custody solution and protection fund aim to set a precedent, but WazirX’s collapse underscores the risks of inadequate risk management.

As India’s crypto user base grows, exchanges must balance product development with resilience, ensuring adequate security and transparent communication to foster long-term trust.

Concerningly, the CoinDCX and WazirX hacks serve as stark reminders of the crypto industry’s vulnerabilities.

While CoinDCX’s response seemingly demonstrates a commitment to user safety, the delayed disclosure highlights areas for much-needed improvement.

Transparency and proactive security measures are non-negotiable for exchanges aiming to thrive in an unpredictable environment.

By learning from these incidents, India’s crypto ecosystem can hopefully evolve into a more secure and trusted space.



Sponsored Links by DQ Promote

 

 

 
Send this to a friend