Indian cryptocurrency exchange CoinDCX confirmed a major security breach on July 19, resulting in the theft of approximately $44.2 million (₹378 crore) from one of its internal operational accounts. The hack, which took place at around 4 am IST, targeted an account used solely for liquidity provisioning on a partner exchange and did not affect customer wallets or funds.
Co-founders Sumit Gupta and Neeraj Khandelwal explained on social platform X that the breach was due to a “sophisticated server attack.” The stolen funds, composed mainly of stablecoins, were reportedly routed through blockchain bridges and mixing services, complicating efforts to track the assets. Blockchain investigator ZachXBT identified suspicious activities 17 hours before the breach was made public, raising transparency concerns within the alarmed crypto community.
Responding swiftly, CoinDCX isolated the affected infrastructure and reassured users that their funds were completely secure. The company absorbed the full financial impact—ensuring customer assets are unaffected—and resumed normal platform operations after a temporary disruption in portfolio APIs caused by a surge in user queries.
CoinDCX has begun a forensic investigation with global cybersecurity partners and notified the Indian Computer Emergency Response Team (CERT-In). To reinforce trust and cyber resilience, CoinDCX is launching a bug bounty program to incentivize ethical hackers to report vulnerabilities.
The incident follows last year’s WazirX hack, further highlighting the vulnerability of Indian crypto exchanges and likely accelerating the need for stricter industry regulations.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments are volatile and risky. Always conduct your research before making any investment decisions.
