CoinDCX Confirms $44 Million Hack, Customer Funds Safe

Generated by AI AgentCoin World
Sunday, Jul 20, 2025 5:46 am ET1min read
Aime RobotAime Summary

- Indian crypto exchange CoinDCX confirmed a $44M hack via a sophisticated server breach targeting a liquidity partner account.

- CEO Sumit Gupta assured customer funds remained untouched, pledging treasury coverage and collaboration with partners to recover assets.

- The incident underscores crypto industry's $2.2B H1 2025 losses from hacks, with CoinDCX facing scrutiny over restrictive withdrawal policies despite prior security assurances.

- CoinDCX, valued at $2B after 2024's BitOasis acquisition, plans a bug bounty program amid ongoing challenges in balancing security and user accessibility.

Indian crypto exchange CoinDCX has confirmed a major security breach that resulted in the loss of $44 million. The exploit took place early Saturday morning and was first identified nearly 17 hours later by blockchain investigator ZachXBT, who linked the compromised wallet to CoinDCX. ZachXBT noted that the attacker address was funded with 1 ETH from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum.

Shortly after ZachXBT’s post, CoinDCX CEO Sumit Gupta acknowledged the hack, attributing it to a “sophisticated server breach” that compromised an internal account used for liquidity provisioning on a partner platform. Gupta emphasized that customer funds were not affected and that the company would cover the losses from its treasury. He also stated that the CoinDCX wallets used for customer asset storage were untouched and “completely safe.”

Gupta mentioned that the company is collaborating with the exchange partner to block and recover assets, including plans to launch a bug bounty program soon. The incident comes almost exactly a year after the high-profile WazirX hack, which forced the platform offline and ultimately led to the collapse of its proposed restructuring plan. The Lazarus Group, a North Korea-linked hacker syndicate, was later linked to that attack. So far, no group has claimed responsibility for the CoinDCX breach.

Founded in 2018, CoinDCX rose to unicorn status in 2021 after raising $90 million at a $1.1 billion valuation. A year later, it raised another $135 million, pushing its valuation to over $2 billion. In July 2024, the firm acquired Dubai-based crypto platform BitOasis, signaling international growth ambitions. Despite its rapid rise, CoinDCX has faced criticism over its withdrawal policies. The platform does not allow crypto withdrawals by default, requiring users to undergo internal risk assessments to unlock the feature.

Gupta defended the practice in a Reddit AMA earlier this year, citing concerns over illicit fund movement. Ironically, in the same session, Gupta had expressed confidence in CoinDCX’s security protocols, pointing to its fund safeguarding measures, proof of reserves, and a $7 million insurance pool set aside to protect users in case of a breach. As of June, CoinDCX reported total holdings of $584.2 million and nearly 20 million registered users.

Crypto investors lost over $2.2 billion to hacks, scams, and breaches in the first half of 2025, driven largely by wallet compromises and phishing attacks. Wallet breaches alone caused $1.7 billion in losses across just 34 incidents, while phishing scams accounted for over $410 million across 132 attacks. Two major incidents, including Bybit’s $1.5 billion hack in February and Cetus Protocol’s $225 million exploit in May, skewed the year’s losses upward, together accounting for nearly $1.78 billion.

Comments



Add a public comment...
No comments

No comments yet