Indian Cryptocurrency Exchange CoinDCX Experiences Significant Cyber Attack, Resulting in $44 Million Loss Due to Security Breach

Indian cryptocurrency exchange CoinDCX has acknowledged a significant security breach that led to a loss of $44 million.

Key Takeaways:

• CoinDCX experienced a $44 million hack due to a server breach.
• The incident was initially reported by blockchain analyst ZachXBT.
• This breach follows the 2024 WazirX incident associated with North Korea’s Lazarus Group.

The exploit occurred early Saturday morning and was first detected nearly 17 hours later by blockchain investigator ZachXBT, who connected the compromised wallet to CoinDCX.

“The attacker address was funded with 1 ETH from Tornado Cash and subsequently bridged a portion of the stolen assets from Solana to Ethereum,” ZachXBT noted on Telegram.

CoinDCX Acknowledges Security Breach

Shortly after ZachXBT’s announcement, CoinDCX CEO Sumit Gupta confirmed the hack, attributing it to a “sophisticated server breach” that compromised an internal account utilized for liquidity provisioning on a partner platform.

Gupta emphasized that customer funds remained unaffected and that the company would absorb the losses from its treasury.

“We are working with the exchange partner to block and recover assets, including launching a bug bounty program soon,” Gupta mentioned.

He further stated that the CoinDCX wallets designated for customer asset storage were secure and “completely safe.”

Why is a CoinDCX team member encouraging people to engage with this post and thank you for the “transparency”?
Your team waited 17 hours to disclose (not until after it was alerted publicly) pic.twitter.com/jElwOd9IHY

— ZachXBT (@zachxbt) July 19, 2025

This incident occurs nearly a year after the notable WazirX hack, which forced the platform offline and ultimately resulted in the failure of its proposed restructuring plan.

The Lazarus Group, a hacking syndicate linked to North Korea, was later associated with that attack. To date, no group has claimed responsibility for the CoinDCX breach.

Established in 2018, CoinDCX achieved unicorn status in 2021 after securing $90 million at a valuation of $1.1 billion.

A year later, it raised an additional $135 million, elevating its valuation to over $2 billion. In July 2024, the company acquired Dubai-based crypto platform BitOasis, indicating ambitions for international expansion.

CoinDCX Faces Scrutiny Over Withdrawal Policies

Despite its rapid growth, CoinDCX has encountered criticism regarding its withdrawal policies.

The platform does not permit crypto withdrawals by default, necessitating users to undergo internal risk assessments to enable the feature.

Gupta defended this approach in a Reddit AMA earlier this year, citing concerns about the movement of illicit funds.

Ironically, during the same session, Gupta expressed confidence in CoinDCX’s security measures, highlighting its fund safeguarding protocols, proof of reserves, and a $7 million insurance pool established to protect users in the event of a breach.

As of June, CoinDCX reported total holdings of $584.2 million and nearly 20 million registered users.

Crypto investors lost over $2.2 billion to hacks, scams, and breaches in the first half of 2025, primarily driven by wallet compromises and phishing attacks, according to CertiK’s latest security report.

Wallet breaches alone accounted for $1.7 billion in losses across just 34 incidents, while phishing scams resulted in over $410 million across 132 attacks.

Two significant incidents, including Bybit’s $1.5 billion hack in February and Cetus Protocol’s $225 million exploit in May, significantly inflated the year’s losses, together totaling nearly $1.78 billion.

The post Indian Crypto Exchange CoinDCX Suffers Major Hack, Loses $44 Million in Security Breach appeared first on Cryptonews.