Indian cryptocurrency exchange CoinDCX has suffered a major cyberattack, losing approximately $44.2 million (around ₹378 crore) from one of its internal operational wallets. The company confirmed the breach in a public statement released on July 19, 2025, but reassured users that all customer funds are safe and have not been impacted by the incident.According to CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal, the compromised wallet was used exclusively for providing liquidity on a third-party exchange and did not contain any user assets. The attack occurred due to a targeted breach of an operational server, which allowed unauthorized access to this specific wallet.
The company stated that the entire loss will be covered by CoinDCX’s treasury, and that it has already taken immediate steps to contain the breach and investigate the issue. CoinDCX has filed a First Incident Report with CERT-In (Indian Computer Emergency Response Team) and is working with international cybersecurity firms to trace the stolen assets and identify the attackers.
In a detailed social media update, Sumit Gupta emphasized that user operations remain unaffected, including deposits, withdrawals, and trading. All user assets are stored in secure cold wallets that are isolated from the internet, minimizing exposure to external threats.
As part of the response, CoinDCX has temporarily disabled Web3 services and conducted a thorough security review. The platform has also pledged to introduce enhanced security protocols and launch a bug bounty program to strengthen its infrastructure.
This incident follows a growing trend of cyberattacks in the crypto sector, with CoinDCX now joining the list of major platforms targeted in recent months. While the loss is significant, industry experts have acknowledged the company’s transparent handling of the situation and its swift decision to shield customers from any financial impact.
CoinDCX’s proactive steps and public communication aim to maintain trust and stability in India’s growing cryptocurrency ecosystem, even as the breach highlights the ongoing need for robust cybersecurity measures and regulatory oversight in the industry.
