Indian cryptocurrency exchange CoinDCX suffered a security breach on Friday, with hackers draining $44 million from one of its internal accounts. The exchange confirmed that the attackers exploited a server vulnerability to gain access to an operational wallet used for “liquidity provisions” with another trading platform.
In a public statement, CoinDCX CEO Sumit Gupta assured users that their funds were unaffected. “The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us, from our own treasury reserves,” he wrote.
Blockchain investigator ZachXBT added more detail, noting, “The attacker’s address was funded with 1 Ether from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum.”
Despite the breach, CoinDCX stated that regular trading and INR withdrawals on the platform continued without interruption. Gupta urged users not to act in haste: “Don’t panic, sell your assets,” he said on X, cautioning that such decisions often lead to poor outcomes. “Let the markets settle. Stay calm, stay confident,” he added.
The company’s internal cybersecurity team is collaborating with global security partners to investigate the incident, identify vulnerabilities, and recover the stolen funds. CoinDCX is also preparing to launch a bug bounty program aimed at rewarding ethical hackers who help identify system weaknesses.
Gupta acknowledged the broader implications of the incident. “This is more than just an internal matter. It’s a reminder of the evolving threats facing crypto platforms globally,” he said.
The hack comes amid heightened scrutiny of crypto security in India. The government is expected to release its first official crypto policy paper soon, potentially introducing clearer regulations to the sector.
CoinDCX has committed to transparency and said it will publish all verified findings once the investigation is complete. “CoinDCX says it is taking this incident very seriously and will continue to focus on building a safe and trustworthy crypto ecosystem in India.”
This isn’t the first such incident involving an Indian exchange. In 2023, WazirX lost over $230 million in a breach reportedly linked to compromised private keys.
The CoinDCX incident follows a wave of recent crypto-related hacks worldwide. On June 18, Iranian exchange Nobitex was targeted in a politically-motivated $100 million attack by a pro-Israel group called “Gonjeshke Darande,” which later leaked the exchange’s source code.
On July 9, the GMX V1 decentralized exchange on Arbitrum suffered a $40 million exploit, although the attacker later returned the funds in exchange for a $5 million white hat bounty. More recently, Arcadia Finance lost $3.5 million in a smart contract exploit.
