On July 19, 2025, CoinDCX, one of India’s biggest cryptocurrency exchanges, was hit by a serious cyberattack. Hackers managed to break into one of its internal accounts, and stole digital assets worth around $44.2 million. But despite the attack, the company quickly took control of the situation and reassured users that none of their personal funds were affected.
According to Sumit Gupta, the co-founder and CEO of CoinDCX, the attack targeted a specific internal account that was only used for liquidity operations on a partner exchange. This means it was not connected to the wallets where customer funds are stored. Thankfully, because of this separation, the hackers couldn’t reach users’ money.
How was CoinDCX hacked?
CoinDCX said that the attackers used a very sophisticated method to breach one of their servers. Somehow, the account used for moving liquidity between exchanges was compromised, and the hackers managed to access and transfer funds out of it.
The company’s internal monitoring systems, along with updates from blockchain security experts, helped them identify the problem quickly. Blockchain investigators, including well-known names like ZachXBT and Cyvers Alerts, noticed unusual activity and flagged it on social media, which helped CoinDCX respond in time.
As soon as the team confirmed the breach, they isolated the compromised account to stop any further damage. Gupta explained that the account was disconnected from other parts of the system, and because it didn’t have access to customer wallets, the impact was limited and fully contained.
Next steps for CoinDCX
Even though $44 million is no small amount, Gupta reassured everyone that CoinDCX will bear the full financial loss from its own treasury. Customers did not lose anything, and all operations — including trading, deposits, and rupee (INR) withdrawals — continue to work normally. Only Web3 features like on-chain transfers were paused for a short time as a safety measure during the investigation.
The fact that customer assets remained untouched is largely because CoinDCX keeps user funds in cold wallets. These are offline wallets that are not connected to the internet and are generally considered the safest way to store cryptocurrency.
While the company is still looking into how exactly the hackers broke in, early reports suggest that the stolen funds were quickly moved across different blockchains using bridges and privacy tools like Tornado Cash. This kind of movement is commonly used by hackers to hide the origin of stolen money.
CoinDCX has now partnered with top cybersecurity firms to track the stolen funds and patch any weaknesses in their system. They are also planning to launch a bug bounty program, where ethical hackers and researchers can help find and report security issues before real criminals do.
CoinDCX’s attack: Following on a similar trail
This incident comes almost exactly a year after a massive $230 million hack at WazirX, India’s largest crypto exchange. That attack, which compromised a wallet controlled by multiple people, caused a lot of panic in the industry and triggered investigations by both regulators and law enforcement. Since then, Indian crypto companies have been trying to improve their security systems.
In the case of CoinDCX, many experts believe the outcome could’ve been far worse if they hadn’t acted as quickly as they did. The way the company monitored its systems, separated user and operational funds, and communicated openly with the public helped them avoid a major crisis.
In his statement, Gupta said the team had been working round the clock to investigate the breach, fix any problems in the system, and make sure nothing like this happens again. He promised that all customer funds remain completely secure and delivered a clear message: CoinDCX is committed to security, transparency, and trust.
Community support
The response from the crypto community has been largely supportive. Even though the loss was significant, users appreciated the fact that the company owned up to the issue quickly, didn’t try to hide it, and took full responsibility without passing the burden onto customers.
For many, this incident serves as a reminder of how dangerous and unpredictable the crypto space can still be. But it also shows that if companies are prepared, maintain strong internal policies, and are honest with their users, they can survive even serious threats like this.
Over the coming weeks, CoinDCX plans to carry out a full security audit of its systems and strengthen controls for internal access and liquidity operations. Their goal is not just to recover from the attack but to come out stronger and more resilient.
The murky road ahead
In a world where cryptocurrency is still growing and evolving, the CoinDCX breach might serve as a wake-up call for the industry. It shows that even the biggest and most advanced exchanges are vulnerable—but with the right tools, structure, and mindset, they can protect their users and bounce back.
Despite the setback, CoinDCX continues to operate as normal. Customers can still trade, deposit, and withdraw their crypto and INR without any issues. And most importantly, their funds remain safe.
As India’s crypto market matures, this incident could mark a turning point in how exchanges handle security, transparency, and user trust. CoinDCX may have taken a hit—but the way they handled it has earned them respect from both users and industry professionals.
Also Read
