CoinDCX Hacked for $44 Million in Crypto: Internal Account Breached, User Funds Safe
This past weekend, Indian cryptocurrency platform CoinDCX suffered a large-scale cyberattack, resulting in the theft of over $44 million in digital assets. The breach affected only the company’s internal operational account, with user funds reportedly remaining untouched, according to co-founders Neeraj Khandelwal and Sumit Gupta.
Signs of the incident first appeared on the co-founders’ social media accounts on July 19, and the theft was soon officially confirmed. The compromised account was swiftly isolated from the rest of the infrastructure, effectively containing the threat. CoinDCX emphasized that customer assets are held separately and were not impacted, and that all losses will be covered using the company’s internal reserves.
Founded in 2018, CoinDCX has grown into one of India’s largest cryptocurrency exchanges, serving approximately 16 million users. Following the breach, the company notified the national cybersecurity response team and engaged information security experts to conduct a full investigation. Efforts are now underway to patch vulnerabilities and trace the stolen funds, with the aim of freezing and recovering them.
According to both company officials and independent blockchain security experts, the stolen assets included stablecoins USDC and USDT worth approximately $44.2 million. The attackers dispersed the funds across two wallets—one holding $27.6 million, the other $16.2 million. By the following day, both wallets had been emptied, though analysts were able to trace the movement of the funds to a different address.
In a report published on July 20, CoinDCX announced that it would fully absorb the financial loss and launch a bug bounty program. Furthermore, the platform offered up to 25% of the recovered amount as a reward to anyone who contributes to the retrieval of the stolen funds and identification of the perpetrators for potential legal action.
The company also issued a warning regarding the surge in fake accounts impersonating official CoinDCX representatives. Users are strongly advised not to disclose login credentials to anyone contacting them via messaging apps or social media under the guise of company affiliation.
This incident marks yet another blow to India’s cryptocurrency sector. Just a few months earlier, another major platform, WazirX, reported losses of at least $230 million following a data breach orchestrated by an attacker later apprehended by law enforcement.
According to the latest figures from Chainalysis, total global losses due to cryptocurrency theft had surpassed $2.17 billion by July 2025—already exceeding the total losses recorded for all of 2024. The recent attack on CoinDCX underscores a troubling trend: cybercriminals continue to escalate their assaults on the crypto industry despite growing security measures.
