CoinDCX Hacked for $44 Million: Major Crypto Exchange Suffers Security Breach; What We Know So Far

On Saturday evening, July 19, CoinDCX, one of India's top cryptocurrency exchanges, confirmed a major security breach after hackers drained approximately $44 million from an internal operational wallet. Cybersecurity experts noticed some unusual fund movements using crypto mixers and cross-chain bridges, which quickly caught the attention of the crypto security community.However as per Official statements no user money was lost the stolen funds came from CoinDCX's own company reserves.

How the Hack Happened

As per the company's statement, CoinDCX's internal account, which is used for liquidity on a partner exchange, was targeted via a "sophisticated server breach."

The attacker used 1 ETH via Tornado Cash and moved the stolen $44.2 million across Solana and Ethereum to obscure the fund trail.

Response from CoinDCX Founders

Sumit Gupta, CEO & co-founder, informed the users that the compromised account was segregated from customer wallets and the loss would be absorbed by company reserves, with user assets safe in cold storage.

"Today, one of our internal operational accounts, used only for liquidity provisioning on a partner exchange, was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe."

"Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities, and trace the movement of funds. We are collaborating with the exchange partner to block and recover assets, including coming out with a bug bounty program soon," he further stated.

Neeraj Khandelwal, co‑founder of CoinDCX, confirmed on X that losses of about USD 44M would be borne by the CoinDCX Treasury.
"The total amount lost was ~$44Mn out of our treasury assets. Coindcx Treasury will be bearing these losses. Our first and foremost objective throughout the day has been to first secure assets."

Actions Taken

CoinDCX instantly isolated the compromised wallet and suspended related Web3 operations.The exchange said that it is ollaborating with cybersecurity experts, law enforcement, and its partner exchange, with plans to implement a bug bounty program.

Last year, in July 2024, WazirX, another crypto trading platform, encountered a hack where the company suffered about a $235M loss.

Recovery Program

As of the current status, Sumit Gupta's last tweet on X stated, "Portfolio is back up. We have significantly enhanced the server capacity to serve users. Thanks for the patience, guys."

"I want to thank everyone who reached out with support and sought clarity in the spirit of trust and transparency. At CoinDCX, our first responsibility is to our users and the security of their assets. While this breach was limited to one internal operational account-and no customer funds were impacted-we take this incident extremely seriously. This is more than an internal matter; it's a stark reminder of the evolving threats facing the crypto ecosystem, not just in India but globally. As the country's largest exchange, we are committed to set new benchmarks in security and resilience. Our commitment is clear: to protect our customers, strengthen industry-wide defenses, and help build a safe and trusted foundation for India's digital asset economy." Sumit Gupta said in a statement,