CoinDCX, India’s largest cryptocurrency trade, misplaced $44.2 million after hackers broke into one in every of its inside wallets on Friday. The assault focused a pockets used for buying and selling with accomplice exchanges, not buyer accounts.
The hack got here precisely one yr after one other main Indian crypto trade, WazirX, misplaced $235 million to hackers. This timing raises new questions on safety at Indian crypto platforms.
How the Assault Occurred
Blockchain detective ZachXBT first spotted the hack and accused the CoinDCX group of ready 17 hours earlier than disclosing. The investigator discovered that hackers began with simply 1 Ethereum coin from Twister Money, a service that hides the place crypto comes from. They then moved stolen funds between totally different blockchains, together with Solana and Ethereum.
CoinDCX CEO Sumit Gupta confirmed the assault inside 10 minutes of ZachXBT’s public announcement. Gupta blamed a “server breach” that permit hackers entry an inside account used just for offering liquidity to accomplice exchanges.
The hackers moved cash via a number of wallets throughout totally different blockchains, making it onerous to trace. Safety agency Cyvers first detected the suspicious withdrawals from CoinDCX’s scorching pockets.
Firm Response and Person Safety
CoinDCX acted shortly to include the injury. The trade remoted the affected account and froze associated inside programs. CEO Gupta harassed that buyer funds stayed protected as a result of the corporate retains operational accounts separate from person wallets.
“The incident was shortly contained by isolating the affected operational account,” Gupta said in a public assertion. “Since our operational accounts are segregated from buyer wallets, the publicity is just restricted to this particular account and is being absolutely absorbed by us, from our personal treasury reserves.”
The trade stored all buying and selling and rupee withdrawals working usually. Nonetheless, CoinDCX briefly shut down its Web3 characteristic as a security measure.
CoinDCX is working with safety consultants and crypto forensics businesses to get well the stolen funds. The corporate additionally plans to launch a bug bounty program to seek out and repair safety holes.
CoinDCX’s Place in Indian Crypto Market
Based in 2018, CoinDCX serves over 13 million customers and holds the title of India’s most useful crypto firm. The trade reached a $2.15 billion valuation in 2022 after elevating $135 million from traders together with Pantera Capital and Coinbase Ventures.
The corporate grew to become India’s first crypto unicorn in 2021. As of June 2025, CoinDCX reported holding $584.2 million in complete belongings throughout practically 20 million registered customers.
CoinDCX has positioned itself as a security-focused platform. The trade maintains month-to-month transparency stories and operates a $7 million fund designed to compensate customers if a safety breach impacts buyer accounts.
Rising Crypto Safety Threats in 2025
The CoinDCX hack provides to a troubling yr for crypto safety. CertiK’s latest report reveals that hackers stole $2.47 billion within the first half of 2025, already beating all of 2024’s losses.
Two large hacks drove most of those losses: the Bybit trade misplaced $1.5 billion in February, and Cetus Protocol misplaced $225 million in Might. These two incidents alone account for $1.78 billion of the full.
Cyvers CTO Meir Dolev identified that centralized exchanges stay prime targets. “In Q2 2024 alone, over 65% of losses in Web3 originated from CEX-related incidents, with practically $500 million misplaced because of pockets entry breaches,” Dolev mentioned.
The safety agency famous that hackers more and more use subtle strategies to entry trade wallets. Cross-chain assaults, the place criminals transfer cash between totally different blockchains, make monitoring stolen funds a lot more durable.
What This Means for Indian Crypto Customers
The CoinDCX hack highlights ongoing safety challenges at Indian crypto exchanges. Final yr’s WazirX hack, attributed to North Korean hackers, pressured that trade to cease operations. A Singapore courtroom just lately rejected WazirX’s restructuring plan.
Earlier than the WazirX incident, CoinDCX CEO Gupta had expressed confidence that his trade’s safety measures would forestall comparable assaults. The corporate pointed to its multi-layered safety framework and fund segregation as key protections.
CoinDCX acquired Dubai-based platform BitOasis in July 2024, establishing worldwide growth plans. The hack could gradual these progress efforts as the corporate focuses on strengthening safety.
The $44 million loss represents about 7.5% of CoinDCX’s complete holdings. Whereas vital, this quantity shouldn’t threaten the trade’s operations since buyer funds remained untouched.
Conclusion
The CoinDCX hack reveals that even well-funded exchanges with robust safety claims stay weak to classy assaults. Whereas the trade protected buyer funds and responded shortly, the incident raises questions on operational safety at Indian crypto platforms. Because the crypto trade faces record-breaking safety losses in 2025, exchanges should strengthen their defenses in opposition to more and more complicated threats.
Sven Luiv Sven Luiv Read More
