CoinDCX, a cryptocurrency exchange, recently experienced a serious security breach that cost them almost $44 million from one of its internal operational accounts. Hackers gained access to a wallet on a partner exchange that was only used for liquidity provisioning in the July 19 incident. Despite the significant financial loss, the business reassured customers that their money was safe because the compromised account was isolated and kept separate from their wallets.
The breach is considered one of the largest publicly known crypto hacks involving an Indian exchange, second only to previous high-profile breaches in the country. CoinDCX confirmed that the stolen funds were moved across various channels, including the Solana-Ethereum blockchain bridge via Tornado Cash, a mixer service frequently used to obscure the origin of crypto transactions. The stolen assets were consolidated into dormant wallets, complicating efforts to trace their further movement.
CEO Sumit Gupta revealed that immediately after discovering the attack, CoinDCX’s security team contained the breach by isolating the affected operational account. The company pledged to cover the entire financial loss from its own treasury reserves without affecting customer assets or trading operations.
Customers’ Funds Secure; Platform Operations Continue Uninterrupted
Despite the hack, CoinDCX emphasized that all customer funds are safe, and normal platform activities such as trading, deposits, and withdrawals continued with minimal disruption. The company highlighted the separation of operational and customer wallets as a critical barrier that protected user assets from being compromised during the attack.
Withdrawals below ₹5 lakh reportedly complete within five hours, while larger withdrawals are processed within 72 hours. Some users experienced temporary delays in portfolio access due to increased server traffic following the announcement of the breach. To address this, CoinDCX enhanced its server capacity to ensure smoother user experiences moving forward.
CoinDCX co-founder Neeraj Khandelwal reiterated the company’s unwavering focus on protecting user funds, stating that absorbing the loss was the top priority. This strong approach reassures the exchange’s 16 million users that their assets remain in secure cold wallets, protected from similar security threats.
$11 Million Bounty Launched to Recover Stolen Funds:
In response to the incident, CoinDCX announced an ambitious bounty program offering up to $11 million to anyone who can help trace and recover the stolen funds or identify those responsible. This marks one of the largest crypto recovery bounties ever launched in India, highlighting the severity of the breach and the company’s commitment to recouping losses.
The bounty program invites cybersecurity experts, blockchain analysts, and the wider crypto community to assist in tracking the flow of the stolen assets, which remain scattered across multiple wallets. CoinDCX has also partnered with India’s Computer Emergency Response Team (CERT-In), cybersecurity firms, and other exchanges to probe the breach and patch vulnerabilities in their infrastructure.
The company acknowledged that the attack exploited weaknesses in their server security, describing it as a “sophisticated breach.” CoinDCX is determined to learn from this incident by reinforcing their systems and launching a bug bounty program to continuously identify hidden threats and vulnerabilities.
Industry Implications and Future Security Measures:
In India, the CoinDCX hack brought back debates about cryptocurrency security, specifically the protection of working wallets and infrastructure in addition to customer asset protection. Increased regulatory scrutiny and regular hacks have prompted requests for greater transparency across exchanges and stronger security measures in India’s crypto sector.
The incident highlights the growing sophistication of cybercriminals targeting crypto firms, forcing exchanges to evolve rapidly in response. CoinDCX’s readiness to absorb financial losses, maintain platform operations, and engage the global cybersecurity community showcases a proactive response that could set new standards for crisis management.
In the coming months, CoinDCX aims to bolster its security posture by collaborating with expert advisors and deploying advanced blockchain forensic tools. As the exchange strives to regain full control and rebuild trust, this breach serves as a critical learning moment for the entire industry to strengthen defenses against complex cyber threats.
Despite the setback, CoinDCX’s quick containment of the breach and clear communication have garnered cautious praise from industry observers. The focus now remains on tracking the stolen assets, capturing the culprits, and preventing similar occurrences, ensuring India’s largest crypto platform remains a reliable choice for millions of users amid an evolving digital landscape.
