CoinDCX, one of India’s largest cryptocurrency exchanges, suffered a security breach this week that resulted in the loss of funds from one of its internal operational wallets.
The company disclosed the breach late Friday after its co-founder and CEO Sumit Gupta published a detailed statement and accompanying video on social media. The incident likely occurred between July 18 and July 20.
Blockchain security firm Cyvers said that the attacker siphoned off approximately $44.2 million in USDC and USDT from a CoinDCX wallet on the Solana blockchain. While CoinDCX has not confirmed this figure, it has acknowledged that the compromised account was limited to internal operations on a partner exchange and did not involve customer wallets.
“Today, one of our internal operational accounts—used only for liquidity provisioning on a partner exchange—was compromised due to a sophisticated server breach,” Gupta wrote on X. “The exposure is only limited to this specific account and is being fully absorbed by us—from our own treasury reserves,” he added, emphasising that no customer funds were impacted.
Gupta sought to reassure users that trading and INR withdrawals remain fully functional and that the platform’s cold wallet infrastructure—which stores user assets—was untouched. The company plans to publish a full technical post-mortem “very soon” and is working with cybersecurity partners and the affected exchange to trace the stolen funds and plug any vulnerabilities.
Neeraj Khandelwal, Co-founder and CTO of CoinDCX, said the platform experienced downtime in its portfolio APIs shortly after the announcement due to a surge in traffic. “More server capacity is being provisioned,” he posted on X.
The hack comes exactly a year after WazirX, another prominent Indian crypto exchange, disclosed a massive breach in which attackers siphoned off roughly $235 million worth of digital assets. That incident has been attributed to the North Korean-linked Lazarus Group and reportedly involved the compromise of WazirX’s multi-signature wallet setup.
WazirX has managed to freeze a small portion (about $3 million) of the stolen funds in cooperation with law enforcement, but the bulk of the assets was laundered via crypto mixers and remains unrecoverable. So far, no WazirX user has received their funds back as the exchange navigates a lengthy court arbitration.
Earlier in June, Bitcoin, the most popular cryptocurrency, breached $120,000 for the first time. A vocal supporter of cryptocurrencies, US President Donald Trump has often expressed his intent to support the crypto industry, and his re-election fueled renewed momentum after months of Bitcoin hovering around the $100,000 mark. He also recently signed the GENIUS Act, the first major US legislation on cryptocurrencies, which establishes a regulatory framework for the $250 billion stablecoin market.
