CoinDCX hacked: $44M stolen in major crypto breach – key details

New Delhi: India-based cryptocurrency exchange CoinDCX suffered a major cyberattack on July 20, with hackers stealing nearly 44 million dollars (around ₹380 crore) from the company’s internal treasury accounts. The breach stands as one of the most significant crypto security incidents in the country this year.

The cyberattack, which occurred over 17 hours ago, was first flagged by ethical hacker ZachXBT, who alerted the crypto community on social media. CoinDCX co-founder Neeraj Khandelwal later confirmed the incident on X (formerly Twitter), assuring users that their funds were unaffected and remain safe.

As a precautionary measure, CoinDCX has temporarily paused its Web3 operations. The company emphasized that customer funds on CoinDCX Web3 are secure, and the stolen amount was limited to the company's internal reserves.

Neeraj Khandelwal clarified that the stolen funds were taken from CoinDCX’s treasury and not from user accounts. He further stated that the company would absorb the entire loss internally to ensure customer trust and safety.

CoinDCX CEO Sumit Gupta explained that the hackers targeted an internal account used to manage funds on a partner platform. The breach exploited vulnerabilities in the server system. As soon as the issue was detected, the compromised account was isolated to prevent further damage. He added that since operational accounts are kept separate from user wallets, the breach impact was limited to just one internal account.

Gupta assured users that the company's internal teams, along with leading cybersecurity experts, have been working continuously to investigate the breach, fix any system flaws, and trace the movement of stolen funds.

This incident marks the second major crypto breach in India within a year. In July 2024, rival exchange WazirX suffered a massive hack that led to a loss of 234 million dollars in digital assets. The compromised wallet was hosted on the Liminal platform. That attack forced WazirX to halt trading and withdrawals, sparking panic among its 4.4 million users.

In the WazirX case, the company launched a white hat bounty program, offering up to 23 million dollars for information leading to the recovery of stolen funds. A year later, only 3 million dollars have been recovered. Investigations eventually linked the attack to North Korean state-sponsored hackers.

As investigations into the CoinDCX breach continue, the exchange has pledged transparency and user updates. The incident highlights ongoing vulnerabilities in crypto infrastructure and the growing need for robust cybersecurity as digital assets continue to gain traction in India.