CoinDCX, one of India’s top crypto trading platforms, has confirmed that it suffered a major security breach resulting in the theft of approximately $44.2 million in digital assets.
According to the company, the attack, which occurred on July 19, specifically targeted one of its internal operational accounts used only for liquidity provisioning on a partner exchange, due to a sophisticated server breach.
However, despite the scale of incident, the exchange noted that wallets used to store customer assets were not impacted and are completely safe. The incident was quickly contained by isolating the affected operational account. CoinDCX said that since its operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed from the treasury reserves.
Register for Tekedia Mini-MBA edition 19 (Feb 9 – May 2, 2026): big discounts for early bird.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab: From Technical Design to Deployment (next edition begins Jan 24 2026).
“Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities, and trace the movement of funds. We are collaborating with the exchange partner to block and recover assets, including coming out with a bug bounty program soon.
“Every security incident is a learning, and we will learn from this and further strengthen our platform. more importantly this is our time to win this war against cyberthreats in the industry, and we commit to work together with experts to secure our industry”, the company’s co-founder Sumit Gupta wrote via a post on X.
CoinDCX Recovery Efforts
Following the significant breach on CoinDCX, the exchange is collaborating with India’s Computer Emergency Response Team (CERT-In), partner exchanges, and global cybersecurity experts to investigate the violation and trace the stolen funds.
Additionally, the exchange has announced a recovery bounty program, offering up to 25% of the recovered funds to individuals or teams who assist in retrieving the funds or identifying the perpetrators.
The company wrote,
“Announcing the CoinDCX Recovery Bounty Program: Up to 25% of any recovered funds will be awarded to individuals or teams who can help trace and retrieve the stolen crypto. We want to be upfront. The exposure was from our reserves, and we have already absorbed it through our corporate treasury.
“This doesn’t impact any of our customers, and the platform continues to run as normal. More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again, not with us, not with anyone in the industry. We will fight this and ensure that the Indian crypto community comes out of this stronger”.
In the wake of the security breach, CoinDCX in the last 24 hours has reportedly received a total of ~31,462 INR withdrawal requests from our customers.
Founded in 2018, CoinDCX has grown into India’s leading crypto exchange, serving over 16 million users and offering access to more than 500 crypto assets. The company became India’s first crypto unicorn in 2021, raising $90 million at a $1.1 billion valuation, followed by a $135 million round in 2022, pushing its valuation to $2.15 billion.
Backed by investors like B Capital, Coinbase Ventures, and Polychain Capital, CoinDCX has positioned itself as a security-focused platform, maintaining monthly transparency reports and a $7 million compensation fund for potential user losses.
CoinDCX breach occurs after India’s crypto exchange WazirX suffered a significant breach that saw millions of dollars wiped out from its platform. Recall that last year, the exchange suffered a major security breach resulting in the theft of over $230 million in digital assets.
WazirX, which popularly calls itself ‘India Ka Bitcoin Exchange’ confirmed the breach in a post on X, formerly known as Twitter. According to a report in CoinDesk, Blockchain sleuth Elliptic, the North Korea-linked hackers appear to be behind the attack.
The recent breach on CoinDCX has raised questions about operational security at Indian crypto exchanges, especially as the sector operates without a comprehensive regulatory framework.
Surging Crypto Theft
The incessant cases in crypto theft, isn’t surprising as Chainalysis in its recent report, disclosed that the year 2025 is shaping up to be the most devastating on record for cryptocurrency-related theft.
According to the report, the first half (H1) of 2025 has witnessed unprecedented levels of cryptocurrency theft, with over $2.17 billion already stolen from crypto services, surpassing the total losses of 2024.
Thus far, 2025 data present a troubling picture of how crypto crime is evolving. While the ecosystem has matured in terms of regulatory frameworks and institutional security practices, threat actors have correspondingly upgraded their capabilities and expanded their range of targets. As attackers evolve with the use of sophisticated tools, experts have urged the need for robust protection, education, and global collaboration.