CoinDCX Reports $44 Million Security Breach After Server Compromise

Indian cryptocurrency exchange CoinDCX has confirmed it suffered a major security incident, with attackers siphoning off $44 million in digital assets due to a sophisticated server breach.

The exploit, which was first publicly flagged by blockchain security analyst ZachXBT, follows a wave of high-profile crypto hacks across the sector in 2025.

The exploit occurred early Saturday morning and remained undetected for nearly 17 hours until ZachXBT identified suspicious wallet activity linked to CoinDCX.

According to his analysis, the attacker’s address was initially funded with 1 ETH from Tornado Cash, a privacy-focused protocol, and later used cross-chain bridges to move a portion of the stolen assets from Solana to Ethereum.

Official Response and Customer Impact

Shortly after the breach was brought to light, CoinDCX CEO Sumit Gupta confirmed the incident, describing it as a “sophisticated server breach” that compromised an internal account dedicated to liquidity operations with a partner platform.

But Gupta reassured that the customers' funds were safe and that the company would cover the losses.

The company has launched efforts to recover and block compromised assets, working in collaboration with its partner exchange.

Gupta also revealed plans for an imminent bug bounty program to further enhance platform security.

This breach arrives almost exactly a year after the WazirX hack, which forced the rival exchange offline and disrupted its plans for restructuring.

That attack was eventually attributed to North Korea’s Lazarus Group, but to date, no entity has claimed responsibility for the CoinDCX breach.

Platform Growth and Security Criticism

Founded in 2018, CoinDCX quickly achieved unicorn status after raising $90 million at a $1.1 billion valuation.

A year later, it raised another $135 million, pushing its valuation to over $2 billion.

In July 2024, the company acquired Dubai-based BitOasis signaled further global growth ambitions.

Despite its rise, CoinDCX has faced criticism over restrictive withdrawal policies, which do not enable crypto withdrawals by default.

Users must pass internal risk assessments to access the feature. In a recent Reddit AMA, Gupta defended these measures as anti-money laundering safeguards, even as he stressed the platform’s robust security protocols—citing proof of reserves and a $7 million insurance fund as key user protections.

As of June, CoinDCX reported holding $584.2 million in assets and serving close to 20 million registered users.