Key Takeaways
CoinDCX lost $44.2 million due to a sophisticated server-side exploit targeting an internal liquidity wallet.
Customer funds remain safe, with the exchange confirming no impact on user assets or withdrawals.
CoinDCX will cover the entire loss from its treasury and launch new security initiatives, including a bug bounty program.
India’s second-largest crypto exchange, CoinDCX, has confirmed a major security breach that resulted in the loss of $44.2 million from one of its internal operational accounts. The compromised wallet was used exclusively for liquidity provisioning on a partner exchange and was not connected to customer assets. CEO Sumit Gupta assured users that all trading and withdrawal services remain fully operational and that the company will absorb the loss without affecting users.
The breach was first flagged by on-chain investigator ZachXBT, who traced suspicious fund movements involving Tornado Cash and cross-chain transfers from Solana to Ethereum. CoinDCX responded swiftly by isolating the affected account and initiating a full-scale investigation with cybersecurity partners.
Incident Overview
The exploit occurred on July 19, 2025, targeting a hot wallet used for liquidity provisioning. According to Gupta, the breach stemmed from a sophisticated server attack, and the attacker’s wallet was funded via Tornado Cash before bridging assets across blockchains. CoinDCX emphasized that its cold wallet infrastructure, which stores customer assets, was untouched.
Company Response
CoinDCX has pledged to fully reimburse the stolen funds from its own treasury, ensuring no customer losses. The exchange has partnered with cybersecurity firms to trace the stolen assets and patch vulnerabilities. Gupta also announced plans to launch a bug bounty program to encourage ethical disclosures and strengthen platform security.
Industry Implications
This incident echoes last year’s $230 million WazirX hack, highlighting persistent vulnerabilities in centralized exchanges. While CoinDCX’s transparency and swift containment are commendable, the delay in public disclosure, only after the breach was flagged on-chain, raises questions about crisis communication protocols. The exchange’s commitment to security upgrades and real-time updates will be crucial in restoring user confidence.
