Indian cryptocurrency exchange, CoinDCX, recently experienced a major security breach, resulting in the loss of $44 million. This follows a similar, even larger, attack on WazirX last year.
What Happened?
According to CoinDCX CEO Sumit Gupta, hackers breached one of their internal operational accounts. Importantly, Gupta stressed that user funds are safe and unaffected. The compromised account was only used for liquidity on a partner exchange, and all user wallets remain secure. INR withdrawals are also still working.
CoinDCX has already isolated the affected account to contain the damage. They plan to recover the lost funds from their reserves and are actively tracking down the perpetrators. This involves an internal security review and the upcoming launch of a bug bounty program to incentivize security researchers to find vulnerabilities.
Criticism and Investigation
On-chain investigator ZachXBT criticized CoinDCX for waiting 17 hours to publicly announce the hack, despite their claims of transparency. ZachXBT also tracked the hackers’ movements, noting they used Tornado Cash to launder some of the stolen ETH and bridged some funds from Solana to Ethereum.
Gupta called the incident a “learning moment,” highlighting the ongoing challenges the crypto industry faces in cybersecurity.
The Bigger Picture
The CoinDCX hack is just the latest in a string of major crypto heists. Data from Chainalysis reveals that crypto services lost a staggering $2.17 billion to hackers in the first half of 2025 alone – already exceeding the total losses of nearly $2 billion for all of 2024. If this trend continues, Chainalysis predicts losses could reach $4.3 billion for the entire year.