Indian crypto exchange CoinDCX says it lost over $44 million following a hack
CoinDCX, one of India’s top cryptocurrency exchanges, has confirmed a $44 million loss due to a significant cybersecurity breach. This incident marks one of the biggest attacks on a digital asset platform in the country. Notably, the attackers did not access user wallets, but rather an internal operational account used for liquidity purposes.
Although customer funds remain safe, the breach has raised critical questions about the cybersecurity infrastructure of Indian exchanges and their ability to defend against increasingly complex threats.
How the Hack Unfolded
The attack occurred on July 19, 2025, when CoinDCX detected suspicious activity involving an internal wallet. According to company officials, this wallet was used solely for liquidity operations on a third-party platform and was isolated from user wallets.
Hackers managed to exploit a cross-chain bridge—specifically between the Solana and Ethereum blockchains. Through a series of rapid and automated transfers, they siphoned off the assets before the security systems could contain the breach.
Eventually, the suspicious movements triggered alerts, prompting CoinDCX to freeze the affected systems. However, by that time, nearly $44 million (around ₹368 crore) had already been stolen.
CoinDCX’s Swift Response to the Breach
To its credit, CoinDCX acted quickly. It immediately disconnected the compromised systems and launched an internal investigation. The platform also partnered with blockchain security firms, law enforcement, and CERT–In (India’s cyber emergency response agency) to trace the stolen funds.
Moreover, the exchange has announced that the losses will be fully absorbed by its corporate treasury. CoinDCX clarified that customer funds remain untouched and continue to be stored in secure cold wallets.
“We are fully committed to transparency and user safety,” said Sumit Gupta, the company’s CEO. “We’ve taken every possible step to isolate the breach, prevent further losses, and strengthen our systems.”
User Funds Remain Secure—For Now
Despite the scale of the breach, CoinDCX has reassured users that their funds are secure. All customer assets are held in segregated cold wallets, which are not connected to the internet. These wallets were not targeted during the breach.
Operations on the platform—such as trading, INR withdrawals, and deposits—have continued without interruption. That said, CoinDCX has temporarily suspended certain cross-chain transactions while security audits are underway.
Why Are Indian Crypto Exchanges So Vulnerable?
Unfortunately, this isn’t the first time a major Indian crypto exchange has been hacked. In July 2024, WazirX suffered a massive breach, losing over $235 million due to compromised private keys. These back-to-back incidents suggest that Indian exchanges may be under-prepared for the level of threats they face today.
A key vulnerability lies in the use of hot wallets, which remain online to support real-time transactions. While these wallets offer convenience, they are more susceptible to attacks than offline cold storage.
Furthermore, many exchanges rely on third-party blockchain bridges, which often lack rigorous security audits. In fact, several global hacks in recent years—such as the Ronin Network breach—also exploited cross-chain bridges.
What Happens Next?
In the short term, CoinDCX will continue working with law enforcement and blockchain forensics teams to recover the stolen assets. Investigators are tracking the flow of funds, although hackers have already started using mixers and decentralized protocols to obscure the money trail.
Looking ahead, the exchange plans to:
- Implement multi-signature wallets for internal operations
- Introduce real-time anomaly detection systems
- Increase third-party code audits
- Share a full post-mortem report with the public
These measures are crucial for restoring confidence in the platform, especially as India’s crypto user base continues to grow.
Will This Push Regulators to Act?
The CoinDCX hack may serve as a tipping point for Indian regulators. While the government has introduced tax policies and made KYC mandatory, there’s still no comprehensive law governing crypto exchanges or cybersecurity requirements.
As a result of this incident, authorities may:
- Mandate cybersecurity certifications for exchanges
- Introduce penalties for poor infrastructure
- Require public breach disclosures
- Demand insurance coverage for operational wallets
If implemented, such rules could make the Indian crypto ecosystem more resilient and trustworthy.
What Should Crypto Users Do?
Even though CoinDCX has reassured users, this event is a reminder of the risks involved in using centralized platforms. As a crypto investor, you should always take personal steps to protect your assets:
- Move large holdings to hardware wallets
- Enable 2FA on all accounts
- Regularly monitor your wallet and trading history
- Avoid using the same password across platforms
By taking these precautions, you can minimize exposure to potential exchange vulnerabilities.
Conclusion: A Cautionary Moment for India’s Crypto Market
The CoinDCX hack is a serious event that highlights the growing threats faced by Indian crypto exchanges. While the platform has responded promptly and user funds were not compromised, the incident still reveals gaps in infrastructure, operations, and regulation.
As digital asset adoption increases in India, both companies and regulators must do more to secure the system. If lessons are learned and reforms are enacted, this breach could ultimately strengthen the industry. Otherwise, users may begin to lose trust—and take their assets elsewhere.
