CoinDCX has confirmed that it processed every single INR withdrawal request after suffering a $44 million hack early Saturday. The breach targeted a server account linked to a partner exchange in India and was detected about 17 hours later by blockchain researcher ZachXBT.
CEO Sumit Gupta announced on X (Twitter) that both large and small requests have been fully handled and urged users to check their bank accounts for successful transfers.
Withdrawal Processing and CEO Response
Sumit Gupta took to X(Twitter) to reassure customers that “100 % of INR withdrawal requests” have been fulfilled. He asked anyone still seeing pending transactions to reach out and thanked users for their support during this difficult period.
The swift payout drew praise from the crypto community and helped calm concerns about funds being frozen indefinitely.
CoinDCX said attackers exploited a server account dedicated to liquidity provisioning. The company clarified that customer wallets were never compromised.
ZachXBT traced the stolen funds moving from Solana into Ethereum after an initial 1 ETH deposit passed through Tornado Cash. CoinDCX pledged to cover the losses from its own reserves rather than passing losses onto customers.
Also Read: BREAKING: Arcadia Finance Suffers Major Crypto Hack Resulting in a Loss of $2.5 Million
Rapid Response and Industry Parallels
CoinDCX was quick in locking down the breach and restoring services. Within hours of the hack, the team sent out notices and also froze affected systems and began processing withdrawals. This stands in contrast to many past incidents where withdrawals were paused for days or weeks.
In January 2025, Bybit faced a 1.4 billion hack and prioritised returning 100% customer funds and withdrawals before resuming normal operations. Their fast action set a precedent that CoinDCX has now followed.
Regulatory Landscape and Past Incidents
This CoinDCX hack marks the second major security breach at an Indian exchange since WazirX had a $234 million exploit in 2024. Other platforms, including BuyUcoin, have reported breaches tied to operational mistakes rather than regulatory failings.
While exchanges must now register with the Financial Intelligence Unit and enforce KYC norms, there is no formal rulebook on infrastructure integrity or breach disclosures.
The absence of clear guidelines for incident resolution and mandatory audits has led to uneven responses across the industry.
CoinDCX said it will conduct a full forensic review and share findings with regulators. The company plans to strengthen its security architecture and review all partner integrations.
Industry experts say clear protocols for reporting hacks and standardised security audits could help prevent future losses. For now, CoinDCX aims to rebuild customer trust by demonstrating transparency and accountability in its operations.