Crypto exchange CoinDCX has confirmed a major security breach resulting in the theft of digital assets worth approximately $44 million (around INR 380 crore). According to the company, the breach stemmed from an internal operational account used solely for liquidity provisioning on a partner platform.
Neeraj Khandelwal, cofounder of CoinDCX, stated on social media platform X, “The total amount lost was ~$44Mn out of our treasury assets. CoinDCX Treasury will be bearing these losses. Our first and foremost objective throughout the day has been to first secure assets.”
Sumit Gupta, CEO and cofounder, clarified that the affected account was “compromised due to a ‘sophisticated’ server breach.” He added that the issue was swiftly contained by isolating the impacted account. “We are collaborating with the exchange partner to block and recover assets, including coming out with a bug bounty program soon. Every security incident is a learning and we will learn from this and further strengthen our platform, more importantly this is our time to win this war against cyberthreats in the industry and we commit to work together with experts to secure our industry,” Gupta said.
CoinDCX emphasized that the breach did not affect customer wallets or funds. Gupta further noted that trading operations and INR withdrawals continue to function normally. However, Khandelwal mentioned that as a safety measure, “trading in the Web3 section” has been temporarily suspended.
“CoinDCX team is all hands working to firefight the situation as we speak and we will get to the depths of the incident. All the customer assets are safe and the trading activity plus the INR withdrawals continue unhindered… ,” Khandelwal added.
The company also revealed plans to launch a bug bounty program and is working with cybersecurity specialists to trace the stolen assets and fix any vulnerabilities.
This incident makes CoinDCX the second major Indian crypto exchange to experience a significant cyberattack in the past year. In July 2024, WazirX reported a breach resulting in the theft of $234 million from one of its wallets managed by institutional custodian Liminal.
That event led to temporary suspension of trading and withdrawals, regulatory investigations, and the launch of a white-hat bounty program, though only $3 million of the stolen assets were recovered as of early 2025.
