CoinDCX hit by major cyberattack, $44 mn drained: All you need to know

Crypto exchange CoinDCX lost was $44 million out of our treasury assets after a major cybersecurity breach on Saturday. However, the company said that customer funds were safe and that the firm will be bearing these losses.

 

The incident came around the heals of the first anniversary of a security breach at WazirX, another cryptocurrency exchange which reported theft of approximately $230–235 million in July 2024.

 

Founded in 2018, CoinDCX claims over 16 million users. It handled $492 million in spot trade volume in May 2025, with Bitcoin and Ethereum leading trades.

 

CoinDCX cyberattack: What happened?

 

In a post on X on Saturday evening, Co-Founder and CEO Sumit Gupta revealed that one of CoinDCX's internal operational accounts, which was used only for liquidity provisioning on a partner exchange, was "compromised due to a sophisticated server breach". He also assured customers that CoinDCX wallets used to store assets were not impacted.

 

Make smarter market moves with The Smart Investor. Daily insights on buzzing stocks and actionable information to guide your investment decisions delivered to your inbox.

Subscribe

 

"The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us - from our own treasury reserves," he said.

 

Gupta said that CoinDCX was collaborating with the exchange partner to block and recover assets, and would come out with a bug bounty program soon. "Every security incident is a learning and we will learn from this and further strengthen our platform, more importantly this is our time to win this war against cyberthreats in the industry and we commit to work together with experts to secure our industry," he said.

 

Co-Founder Neeraj Khandelwal also said the total amount lost was $44 million. "Coindcx Treasury will be bearing these losses. Our first and foremost objective throughout the day has been to first secure assets," he said. 

  In a statement, CoinDCX said that the affected funds were routed through Solana-Ethereum bridges and consolidated into 4,443 ETH (~$15.7 million) and 155,830 SOL (~$27.6 million) dormant.

Portfolio APIs jammed

 

Due to the breach and the subsequent security protocols, users flagged issues like unable to load portfolios on CoinDCX. In response, Khandelwal said it was because of excessive load on the platform and more server capacity was being provisioned.

 

Later, Khandelwal said that portfolios are back up. "We have significantly enhanced the server capacity to serve users," he said. 

What is CoinDCX doing to address the breach?

In a statement, CoinDCX said it is working with global cybersecurity firms, CERT-In, and partner exchanges to investigate the incident. The crypto firm is also launching a recovery bounty program to support these efforts.

 

The company said ti will share detailed forensic reports with the public once the investigation is complete. "All efforts are focused on tracing, freezing, and recovering the stolen funds in full," the statement read.

 

WazirX cyber breach incident

 

On July 18, 2024, WazirX suffered a massive cyberattack on one of its multisignature wallets, resulting in the theft of approximately $230–235 million in user funds. 

 

WazirX immediately halted deposits and withdrawals, reversed all trades conducted after 1 pm on July 18, and restored balances to their pre-hack state.

 

The exchange then proposed a controversial socialised loss strategy: users would recover 55 per cent of their crypto holdings for trading or withdrawal, while 45 per cent would be locked in USDT-equivalent tokens.

 

WazirX reported the breach to CERT-In, Financial Intelligence Unit (FIU) India, and Indian law enforcement, and offered bounty programmes, though recovery was expected to be challenging. Investigations attributed the hack to the notorious North Korean Lazarus Group.