Last July, India’s then-largest crypto exchange WazirX was hacked, resulting in the theft of crypto assets worth $235 million (Rs 2,024 crore). Now, a year later, India’s second-largest crypto exchange CoinDCX reported a major security breach, which led to approximately $44 million (Rs 378 crore) being wiped off from the platform.
On Saturday (July 19), co-founders of CoinDCX Sumit Gupta and Neeraj Khandelwal confirmed that they had been hit by hackers, describing the hack as a “sophisticated” breach of its infrastructure.
What exactly happened? Have customers been hit? Have their crypto assets been affected? Why are crypto platforms susceptible to breaches?
We get you all the answers.
What is CoinDCX?
Before we dive deep into the hacking incident at CoinDCX, let’s get a better understanding of what it is. Established in 2018, CoinDCX is a cryptocurrency exchange founded by IIT Bombay alumni Sumit Gupta and Neeraj Khandelwal.
According to the duo, the idea behind CoinDCX was to create a centralised platform where users could trade cryptocurrencies easily and securely. This vision has driven the company’s growth and innovation since its inception.
Today, as per their website, CoinDCX has over 1.6 crore users and a daily trading volume of over $10 million.
So, what happened at CoinDCX?
On July 19, popular ethical hacker ZachXBT revealed a breach at CoinDCX on his Telegram channel. Soon after, the platform’s co-founder and CEO Sumit Gupta confirmed the news saying hackers had wiped out approximately $44 million from the platform.
“Today, one of our internal operational accounts — used only for liquidity provisioning on a partner exchange — was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won’t cause any loss to our customers. CoinDCX will be bearing the full amount,” Gupta posted on X.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
However, many pointed out that the confirmation from CoinDCX came 17 hours after ZachXBT had flagged the issue. To that, CoinDCX’s other co-founder Neeraj Khandelwal said the company wanted to “first secure the assets” before making any public announcement. “That’s the most important thing and inform when we are confident of safety.”
How did the breach occur at CoinDCX?
Describing it as a sophisticated server breach, the platform explained that the hackers hit one of the company’s internal operational accounts, which was typically used for providing liquidity. It stated that the hackers had exploited a server-side vulnerability in an internal liquidity provisioning account.
As a report in the Mint states, even short windows of access to a hot wallet can result in massive losses. The anonymous and irreversible nature of blockchain transactions means funds can be moved and laundered quickly, often before teams can respond.
However, the damage was contained, according to CoinDCX’s Gupta, who stated that the affected account was isolated. “Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us — from our own treasury reserves,” he added.
ZachXBT, the ethical hacker, outlined how the hack took place. He said that the stolen stablecoins were moved from Solana to Ethereum. They were routed through Tornado Cash, a service often used to obfuscate blockchain transactions. Moreover, the hacker reportedly funded their wallet with 1 ETH via Tornado Cash before initiating the theft, which complicates efforts to trace the full path of the stolen funds.
Are customers’ assets safe?
CoinDCX categorically stated that no customer funds were affected as user assets were stored separately in secure cold wallets. It stated that it had temporarily suspended its Web3 services to contain the breach.
A few hours later, it restored the in-app feature. CoinDCX’s Gupta added on X that an FIR had been filed and that CoinDCX reserves would be absorbing all losses. He also said that all trading and withdrawals were running normally and that there was no impact on users.
“Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds,” he added.
Gupta said that every security incident is a learning and assured further strengthening of the platform. “More importantly, this is our time to win this war against cyberthreats in the industry, and we commit to work together with experts to secure our industry. I understand incidents like this can be unsettling, even when customer assets are unaffected. That’s why I am sharing this incident with you with full transparency.”
Is this the first such incident in India?
Unfortunately, no. A year back, in the same month, WazirX was hacked, which has gone down as the country’s biggest cyberattack on an Indian crypto exchange. Hackers caused a loss of over $230 million, or nearly 45 per cent of investor funds on the platform.
Investigations later revealed that it was linked to North Korea–affiliated groups, including the Lazarus Group.
Moreover, this hack on CoinDCX comes on the heels of similar attacks on crypto firms in recent times. For instance, Iran’s largest cryptocurrency exchange, Nobitex, lost over $90 million in a cyberattack amid the recent flare-up between Israel and Iran.
In June, US-based crypto exchange Coinbase suffered a data breach that exposed customer information. Hackers used the stolen data to carry out social engineering attacks aimed at stealing user funds. They also demanded a $20 million ransom in exchange for not leaking the data and halting further attacks. The estimated financial impact ranged between $180 million and $400 million.
Why do hackers often target crypto assets?
Hackers often attack crypto platforms for a number of reasons, including regulatory gaps and limited legal recourse. Experts explain that each new layer in blockchain transactions adds potential vulnerabilities, making them more prone to attacks.
Moreover, once funds are moved, there’s no central authority to freeze or recover the stolen assets. Crypto exchanges lack oversight or regulation in India.
With inputs from agencies