CoinDCX breach — CoinDCX suffered a $44 million internal breach, but user funds remained fully safe. This article unpacks what happened, how the company responded, and what it signals for India’s crypto ecosystem.
CoinDCX breach shook India’s crypto industry when, on July 19, 2025, the exchange disclosed a sophisticated server breach that drained approximately $44.2 million (₹368 crore) from an internal operational wallet, not customer accounts.
Sumit Gupta, Co‑founder and CEO, confirmed user balances were untouched. CoinDCX isolated the compromised account and pledged to cover the loss entirely from its treasury reserves, asserting users’ funds remain 100% safe.
What exactly happened in the CoinDCX breach
A single USDT test transfer was observed early in the attack, followed by mass withdrawals over a few minutes. Hackers used Tornado Cash and cross‑chain bridges between Solana and Ethereum to obscure traces and move funds through multiple wallets.
The breach targeted a wallet used solely for liquidity provisioning with a partner exchange. Operational accounts were segregated by design, giving no access to customer wallets held in cold storage.
CoinDCX swiftly contained the attack by isolating the affected wallet. The exchange updated participants via its official incident blog, reaffirmed proof of reserves, and continued trading and INR withdrawals normally. Smaller withdrawals cleared within five hours; larger ones within 72 hours.
The platform also launched India’s largest crypto recovery bounty, offering up to 25% of recovered funds (≈$11 million) to ethical researchers who assist in tracking and retrieving stolen assets.
Related: Crypto Hack Losses Surge $142M in July 2025
Insider threat: Bengaluru engineer arrested
On July 26, Bengaluru police arrested a CoinDCX software engineer allegedly involved in the breach. Investigators believe the engineer’s laptop credentials were used to carry out unauthorised transactions to several external wallets. A suspicious Rs 15 lakh deposit and alleged coordination via a German mobile contact are under investigation.
The CoinDCX breach highlights a pressing need for stronger internal controls and cross‑chain security protocols. Similar patterns appear in the 2024 WazirX hack, which resulted in a much larger $234 million loss, also linked to internal wallet vulnerabilities.
Despite the breach, CoinDCX posted its highest monthly trading volume to date, and CEO Gupta reaffirmed plans to aim for a $10 billion valuation, contingent on India adopting clear crypto regulations.
What this means going forward
As exchanges continue navigating market volatility and evolving rules, CoinDCX’s handling may set a precedent. Proactive transparency, compensation responsibility, and operational resilience are now expected norms. At the same time, internal risk remains a blind spot for many platforms—something both regulators and exchanges must address.
For Indian crypto investors, CoinDCX breach shows that while external threats remain real, internal systems and people can present silent risks. Vigilance, internal audits, and rigorous cybersecurity protocols are no longer optional.
