Indian crypto exchange CoinDCX confirmed on Saturday that attackers had stolen approximately $44 million after breaching a server account linked to a partner exchange.
The hack began early Saturday morning in India. It was spotted some 17 hours later by blockchain researcher ZachXBT, who traced funds moving from Solana into Ethereum after an initial 1 ETH deposit from Tornado Cash.
CoinDCX says the compromised account was used only for liquidity provisioning and that customer wallets remained untouched. CEO Sumit Gupta pledged the company would absorb the loss from its own reserves.
Discovery and Initial Containment
Blockchain sleuth ZachXBT first flagged the breach to his followers, pointing out that the attacker had funded their address with Tornado Cash and then bridged stolen assets across chains.
Within 10 minutes of ZachXBT’s post, Gupta took to X (Twitter) to confirm the incident. He explained that a “sophisticated server breach” had hit an internal operational account, but stressed that customer funds were safe in segregated cold wallets.
The moment the breach was confirmed, CoinDCX’s security team isolated the affected account. Trading and INR withdrawals continued without interruption. Gupta emphasised that no user assets were at risk and that the main customer wallets were never in play.
Ongoing Investigation and Recovery Plans
CoinDCX has called in global cybersecurity experts to trace the stolen funds and patch vulnerabilities. The exchange is working closely with its partner to block further movement and recover as much as possible.
Gupta said a bug bounty program will launch soon to involve the wider security community in finding any remaining gaps.
Authorities and forensic agencies have also been notified. CoinDCX aims to recover stolen assets through legal and technical channels. In the meantime, the company’s treasury will cover the full $44 million shortfall.
Strong Security Framework
Gupta pointed out that CoinDCX’s multi‑layered security framework, which spreads assets across several custodians, helped contain the damage.
He said the platform runs monthly proof of reserves and maintains a dedicated fund to compensate users if a breach ever affects customer holdings. That fund currently holds about $7 million.
The exchange’s public proof of reserves report for June listed total holdings of $584.2 million and noted nearly 20 million registered users. Gupta believes these measures set CoinDCX apart from past incidents like the $230 million WazirX exploit one year ago.
Past Challenges and User Policies
In its drive to stay secure, CoinDCX has sometimes drawn criticism for its cautious withdrawal policies.
By default, customers cannot withdraw crypto unless the exchange completes an internal review. This stance has frustrated some users, but has also helped keep large sums safe.
When asked on Reddit about a repeat of the WazirX hack, Gupta expressed confidence that CoinDCX’s safeguards would prevent a similar event. He cited the firm’s compliance efforts, regular audits, and layered wallet architecture as key defences.
Looking Ahead
As CoinDCX works to tighten its systems, it plans to share a full incident report covering the July 19 breach. The report will outline the attack timeline, response steps, and lessons learned. The company hopes this transparency will build trust and help the industry raise its security bar.
Customer trading and withdrawals remain fully operational. CoinDCX urges everyone to follow official channels for updates and to stay alert against phishing attempts.

