Crypto Hack Hits India’s CoinDCX for $44M—Customer Funds Reportedly Safe, Investigation Ongoing
Indian crypto exchange CoinDCX confirms a $44 million treasury loss after a cross-chain hack. Customer assets remain secure, but Web3 services are suspended.
India’s largest cryptocurrency exchange, CoinDCX, has confirmed a $44 million loss after a sophisticated cyberattack targeted one of its internal treasury accounts. According to the company, no customer assets were affected, but the exchange’s own funds were drained in what is now one of the most severe security breaches in India’s crypto sector this year.
The theft was first flagged by blockchain investigator ZachXBT, who tracked suspicious transactions involving CoinDCX wallets early Friday. The hacker reportedly used Tornado Cash, a crypto anonymizer banned in several countries, to obscure the origin of initial funds. From there, the attacker bridged part of the stolen assets from Solana to Ethereum, a technique often used to mask the flow of funds across blockchains.
“This particular CoinDCX wallet wasn’t tagged publicly, so the attribution required tracing counterparties manually,” ZachXBT wrote in his Telegram channel, Investigations by ZachXBT. He credited crypto security platform Cyvers Alerts for first spotting the unusual withdrawals.
CoinDCX Says Customer Assets Are Safe
Within hours of the blockchain community uncovering the breach, CoinDCX CEO Sumit Gupta confirmed the hack on social media, explaining that the compromise involved a liquidity account connected to a partner exchange, not customer holdings.
“Our operational account was compromised due to a sophisticated server-side breach. But the wallets that store customer funds remain unaffected,” Gupta said.
CoinDCX says it uses segregated wallet systems—keeping customer funds in offline cold storage, while operational accounts handle liquidity. Gupta stated that the exchange’s treasury reserves, not customer deposits, will cover the full loss.
All INR withdrawals and crypto trading services remain active on CoinDCX’s main platform.
$44 Million Loss Confirmed, Web3 Platform Temporarily Frozen
Neeraj Khandelwal, co-founder of CoinDCX, confirmed that the total stolen amounts to $44.2 million, based on both internal audits and external assessments. He explained the delay in public disclosure was due to security measures being prioritized over immediate public announcements.
During the incident, several users reported that their CoinDCX portfolio pages were inaccessible or displayed incorrect balances. Khandelwal blamed the issues on technical strain from a sudden spike in traffic, not the hack itself.
CoinDCX has also paused operations on its Web3 trading platform, which allows users to interact with decentralized protocols. The company said this decision was made "out of an abundance of caution," though it assured customers that Web3 account funds are intact.
Global Crypto Security in Focus as Cross-Chain Theft Increases
The CoinDCX incident highlights an ongoing global trend: cross-chain exploits targeting crypto exchanges' treasury accounts. The hacker’s method of shifting funds between blockchains—from Solana to Ethereum—reflects a pattern seen in recent international attacks, making asset recovery more complicated.
This isn’t the first time an Indian exchange has faced such a breach. In July 2024, competitor WazirX suffered a $234 million exploit, later linked to the North Korea-based Lazarus Group, according to security analysts.
While CoinDCX has not yet identified who is behind this attack, the company says it is working with crypto forensics agencies and its exchange partners to trace the stolen funds. Efforts to block and recover the assets are ongoing.
Exchange Plans Security Upgrades
CoinDCX says it plans to launch a bug bounty program to encourage independent security researchers to find and report system vulnerabilities before they can be exploited. No timeline has been given for when this program will go live.
Meanwhile, the exchange says it will keep customers updated as the investigation continues.
| Event | Details |
|---|---|
| Breach Date | July 19, 2025 |
| Amount Stolen | $44.2 million (CoinDCX treasury funds) |
| Attack Method | Server-side breach, Solana-to-Ethereum bridge |
| Initial Funding of Hacker | 1 ETH via Tornado Cash |
| Customer Funds Affected | No |
| Web3 Trading Status | Temporarily suspended |
| Recovery Efforts | Ongoing with forensic partners |
| Planned Actions | Bug bounty program, security overhaul |
India is one of the fastest-growing crypto markets in the world, with millions of users entering the space over the last two years. Incidents like the CoinDCX hack raise concerns not just for Indian investors but for crypto security worldwide, as attackers increasingly target cross-chain infrastructure and exploit operational weak points.
CoinDCX has assured its customers that trading remains open, withdrawals are fully functional, and user funds are safe. However, the broader crypto community will be watching closely to see whether the stolen assets can be traced and recovered—and whether this attack signals new vulnerabilities in the global exchange system.
Also Read: Crypto Hacking Thefts Surge to $1.4 Billion in First Half of 2024
