NEW DELHI – In a major security incident that has sent shockwaves through India's cryptocurrency community, Mumbai-based exchange CoinDCX has suffered a sophisticated hack resulting in the theft of approximately $44.2 million (Rs 378 crore). The breach, which targeted an internal operational account, was detected in the early hours of July 19, 2025. In a swift response, the company's co-founders, Sumit Gupta and Neeraj Khandelwal, took to the social media platform X (formerly Twitter) to reassure their user base, stating unequivocally that customer funds were not impacted and remain completely safe.
In a move to calm the market and protect its users, CoinDCX announced in a First Incident Report that it would be absorbing the entire financial loss using the company's own treasury reserves. The incident has nonetheless cast a harsh spotlight on the persistent and evolving security threats facing the digital asset industry, sparking a wave of user anxiety and causing temporary technical disruptions on the platform as customers rushed to verify their holdings.
The Breach and The Response
According to the official report released by the company on Sunday, the security breach was first detected at 4 AM IST on Saturday, July 19. The exchange's automated security systems flagged unauthorized access to one of its operational accounts used for providing liquidity on a partner exchange. This compromise led to the significant financial exposure of over $44 million.
The company's leadership moved to control the narrative and prevent widespread panic. Co-founder and CEO Sumit Gupta addressed the issue directly on X, stating, “Today, one of our internal operational accounts -- used only for liquidity provisioning on a partner exchange -- was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won’t cause any loss to our customers. CoinDCX will be bearing the full amount.”
This assurance was echoed by co-founder Neeraj Khandelwal, who specified the source of the funds used to cover the theft. "The total amount lost was USD 44Mn out of our treasury assets. CoinDCX Treasury will be bearing these losses," he wrote. This distinction between internal operational funds and segregated customer funds is a critical one, and the exchange has been firm in its messaging that this firewall was not breached.
A Ripple of Panic: API Jams and Withdrawal Surge
Despite the assurances from leadership, the news prompted a predictable and immediate reaction from users. A massive spike in login activity and withdrawal requests occurred shortly after the disclosure. This sudden surge in traffic overwhelmed CoinDCX’s portfolio APIs—the technical infrastructure responsible for displaying user balances and transaction histories.
For several hours on Sunday, many users reported that they were unable to see their holdings on the app or website, with portfolios showing a zero balance. This technical glitch, while temporary, added fuel to online rumors and anxiety. The co-founders later provided an update confirming that the Portfolio APIs had been fully restored and that the affected infrastructure had been completely isolated.
CoinDCX stated that its services remain operational. "Trading activity, INR deposits and INR withdrawals continue," the company said, providing a timeline for fiat withdrawals: "INR withdrawals below Rs 5 lakhs will reflect in your account within 5 hours, while withdrawals above Rs 5 lakhs will be processed within 72 hours."
A Troubling Pattern: India's Crypto Exchanges Under Siege
This incident is not an isolated event but the latest in a series of high-profile security breaches that have plagued the Indian crypto ecosystem, eroding investor trust. The attack on CoinDCX is eerily reminiscent of a major heist that occurred last year, when rival crypto exchange WazirX faced a hack leading to the loss of more than $230 million.
These repeated incidents highlight the immense challenge that exchanges face in securing digital assets against increasingly sophisticated and persistent attackers. While the technology offers decentralized promise, the centralized nature of exchanges makes them high-value targets. Breaches of this magnitude, even when limited to internal accounts, raise serious questions about the robustness of the security infrastructure protecting the entire ecosystem.
The Road to Recovery: Forensics and Regulatory Oversight
In line with regulatory requirements and best practices, CoinDCX has initiated a multi-pronged investigation into the breach. The company has officially informed CERT-In (the Indian Computer Emergency Response Team), India's national nodal agency for responding to cybersecurity incidents.
Furthermore, CoinDCX announced that a detailed forensic investigation is already underway, with the assistance of two globally reputable security agencies. The exchange has committed to transparency, stating that the findings will be shared for "public benefit." The incident was reportedly first brought to public attention by the renowned on-chain investigator ZachXBT, after which the exchange made its official public disclosure.
A Divided Community: Praise and Criticism on Social Media
The reaction from the crypto community on social media has been sharply divided. Many users and industry observers have praised CoinDCX for its handling of the crisis, particularly its decision to absorb the entire loss and protect its customers.
"Good to see CoinDCX acting responsibly, assuring user funds are safe, and not passing losses onto customers. Sets a positive precedent for Indian crypto exchanges," one user wrote on X.
However, a significant portion of the community has been critical of the delay in the exchange's public announcement. The breach was detected early on Saturday morning but was only officially confirmed by the company on Sunday.
"CoinDCX silent for 17 hours? That's more suspense than a thriller! In the crypto world, transparency isn't optional; it's essential. Stay open to keep trust alive!" another user commented. This highlights the delicate balance between conducting an internal investigation and providing immediate, transparent communication to a nervous market.