CoinDCX, India’s largest centralized cryptocurrency exchange, has confirmed it suffered a significant security breach resulting in the theft of approximately $44 million.
The incident, which occurred early Saturday morning, involved an operational wallet used for liquidity provisioning and has sparked concerns across India’s crypto industry.
The hack was first flagged by prominent blockchain investigator ZachXBT, who observed suspicious transactions involving the transfer of funds from Solana to Ethereum.
Shortly after, CoinDCX co-founder and CEO Sumit Gupta publicly acknowledged the breach, describing it as a “sophisticated server-level compromise.”
He assured users that the affected wallet did not contain customer funds.
“The CoinDCX crypto exchange wallets storing user funds are not impacted and remain completely safe,” Gupta noted.
Breach Timeline and Fallout
The breach, which was disclosed publicly nearly 17 hours after it occurred, has drawn criticism from some corners of the crypto community.
Gupta attributed the delay to internal containment efforts and emphasized that only corporate funds were impacted.
CoinDCX has since launched a multi-pronged response. The exchange is working with cybersecurity experts, law enforcement, and a partner exchange to freeze and potentially recover the stolen assets. Plans are also underway to launch a bug bounty program to identify and patch vulnerabilities in its systems.
Despite assurances, scrutiny has intensified around the platform’s security posture and withdrawal policies.
Critics argue that CoinDCX’s restrictive withdrawal framework, which requires users to pass internal risk assessments, is overly opaque. Gupta has defended the policy, citing anti-money laundering (AML) compliance.
“Crypto withdrawals aren’t default-enabled to prevent illicit fund movement. We enable them after enhanced due diligence,” Gupta explained during a Reddit AMA in May.
Comparisons to WazirX and Concerns Over Attribution
The breach comes almost exactly one year after a $230 million hack on WazirX, formerly India’s largest crypto exchange, widely attributed to North Korea’s Lazarus Group.
While no entity has claimed responsibility for the CoinDCX attack, cybersecurity experts are not ruling out state-sponsored involvement.
Rashmi Deshpande, a cybersecurity analyst, says, “The timing and scale suggest a coordinated effort, but attribution requires deeper forensics.”
Vivek Shah, a chartered accountant and crypto forensic auditor, called for stronger global regulatory standards.
“It is time for a global regulation and legal framework to protect customers and investors’ funds. Centralized crypto exchanges must invest much more in cybersecurity—on par with traditional financial institutions.”
CoinDCX has pledged to absorb the entire loss through its own reserves.
However, questions remain about the adequacy of its financial safeguards.
Industry Reactions
The crypto community is divided in its response. Some applaud the exchange’s quick acknowledgment and commitment to covering losses, while others question the delay in disclosure and broader vulnerabilities.
“Exchanges must prioritize real-time monitoring over post-hack damage control. The 17-hour gap is unacceptable,” said Nischal Shetty, founder of rival blockchain platform Shardeum, speaking to CoinDesk.
As of now, CoinDCX continues to operate normally, with no interruption to trading. The exchange has not confirmed whether it has filed reports with regulatory authorities or involved law enforcement in the investigation.
The breach underscores the growing threat of cyberattacks on centralized crypto platforms and renews calls for industry-wide standards in cybersecurity and incident disclosure. CoinDCX’s ability to manage recovery, rebuild trust, and reinforce its defenses will be closely watched in the coming weeks.
For users and investors, the episode serves as another stark reminder of the persistent risks associated with digital asset platforms, even the most prominent ones.
CoinDCX co-founder and CEO Sumit Gupta announced a Recovery Bounty Program on his social media, offering up to 25% of any recovered funds to individuals or teams who can help trace and retrieve the stolen crypto.