Leading Indian cryptocurrency exchange CoinDCX has confirmed a cybersecurity breach resulting in the loss of approximately $44 million (INR 380 crore) from its internal treasury account. The breach, caused by a sophisticated server compromise, targeted one of the platform’s operational accounts used exclusively for liquidity provisioning on a partner exchange.
According to CoinDCX cofounder Neeraj Khandelwal, the affected funds were part of the company’s internal treasury, and no customer assets were impacted. “The total amount lost was ~$44 Mn out of our treasury assets. CoinDCX Treasury will be bearing these losses. Our first and foremost objective throughout the day has been to secure assets,” Khandelwal stated in a post on X (formerly Twitter).
Cyberattack Limited to Internal Operational Account
CoinDCX cofounder and CEO Sumit Gupta clarified that the breach was limited to a single segregated account, and did not affect customer wallets or operations. “One of our internal operational accounts, used only for liquidity provisioning on a partner exchange, was compromised. The exposure was isolated, and our security teams acted quickly to contain the incident,” he said.
Gupta also revealed that the company has partnered with leading cybersecurity experts to investigate the breach, fix vulnerabilities, and track the stolen assets. Additionally, CoinDCX plans to launch a bug bounty programme to incentivize ethical hackers and white-hat developers to aid in the recovery process.
“We are collaborating with our exchange partner to block and recover the stolen funds. Every security incident is a learning opportunity. This is our time to win the battle against cyber threats in the crypto ecosystem,” Gupta added.
Trading Operations Remain Active
While customer trading and INR withdrawals remain fully operational, CoinDCX has temporarily suspended trading in its Web3 section as a precaution. Both cofounders emphasized that all customer assets remain safe, and the platform is operating normally for users.
“Our team is fully mobilized and working around the clock to investigate the root cause. Trading and withdrawal functions are live and unaffected,” Khandelwal reassured users.
A Growing Concern for Indian Crypto Exchanges
This marks the second major cybersecurity incident affecting an Indian crypto exchange within a year. In July 2024, rival platform WazirX suffered a massive breach resulting in the theft of $234 million worth of digital assets. The hack, which targeted a wallet hosted on institutional custodian Liminal, impacted nearly 4.4 million users and led to widespread panic, regulatory scrutiny, and trading suspension.
WazirX later initiated a white-hat bounty program, offering up to 10% of the stolen funds (approx. $23 million) for leads. To date, only $3 million of the lost assets have been recovered, with investigations pointing to state-sponsored North Korean hacking groups.
A Wake-Up Call for Crypto Security in India
CoinDCX’s recent incident highlights the increasing cybersecurity risks facing the digital asset industry. As exchanges grow in scale and importance, the need for robust internal protocols, external audits, and advanced threat detection systems becomes critical.
With India’s crypto market poised for further growth, the CoinDCX breach serves as a reminder for all ecosystem players to prioritize security, transparency, and rapid response mechanisms to preserve user trust and industry integrity.