CoinDCX, a leading Indian cryptocurrency exchange, confirmed on Saturday, July 19, that a security breach has resulted in the loss of $44.2 million (Rs 380 crore approx.)
The Mumbai-based firm has disclosed that hackers compromised and drained all the funds from one of its internal operational accounts that is used for liquidity provisioning, which helps minimise slippage and ensure smoother trading. Ethical hacker ZachXBT was the first to flag the breach, and said that he uncovered the incident 17 hours after it happened.
CoinDCX has emphasised that the wallets used to store customer assets were not impacted by the hack. INR withdrawals and other trading activity remain operational. The centralised crypto exchange initially paused its Web3 mode feature as a precautionary measure. A few hours later, it restored the in-app feature that gives users access to over 50,000 DeFi (decentralised finance) tokens.
“The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us – from our own treasury reserves,” Sumit Gupta, co-founder and CEO, CoinDCX said on X.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
https://platform.twitter.com/widgets.js
“Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds,” he added.
CoinDCX also assured that its reserves are sufficient to fully cover the losses from the hack. “This won’t cause any loss to any of our customers and CoinDCX will be bearing the full amount from our treasury reserves, which is sufficiently healthy to cover up for this amount,” Gupta said.
To all our customers, here is our commitment 👇
This won’t cause any loss to any of our customers and CoinDCX will be bearing the full amount from our treasury reserves, which is sufficiently healthy to cover up for this amount.
We are still learning more about the details as… https://t.co/Ouuplc4uci
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
https://platform.twitter.com/widgets.js
Exactly one year ago to the day, hackers breached another Indian crypto exchange, WazirX, and made away with over $230 million in crypto assets.
Story continues below this ad
The crypto industry’s vulnerability to such incidents remains a pressing concern as it could undermine investor confidence. It could also fuel further scepticism of cryptocurrency by regulators in countries like India, where the sector is still under evaluation.
The CoinDCX hack adds to what is already shaping up to be the worst year-to-date on record for crypto thefts. Hackers have stolen more than $2 billion in crypto during the first half of 2025, according to new data from crypto analysis firm Chainalysis.
“I understand incidents like this can be unsettling – even when customer assets are unaffected. That’s why I am sharing this incident with you with full transparency,” Gupta said on X.
On what to do next, he said that CoinDCX will be collaborating with its exchange partner to block and recover assets. It will also be launching a bug bounty programme soon.