- Crypto exchange CoinDCX has confirmed losing over $44 million in a hack
- Hackers compromised the exchanges internal account shared with a partner exchange
- CoinDCX said that no user funds were lost
Crypto exchange CoinDCX has lost $44 million to threat actors who compromised one of its internal accounts used for liquidity provisioning on a partner exchange. The exchange noted that no user funds were lost because it stores user and exchange funds in different wallet s, adding that customer assets are completely safe. CoinDCX CEO Sumit Gupta added that the exploit was quickly contained, revealing that the loss will be fully absorbed by [the exchange] from its treasury reserves.
Tracking Stolen Funds, Thinking of a Bounty
Gupta disclosed that the exchange has been collaborating with cybersecurity experts to track the movement of funds and address any vulnerabilities. Part of these efforts include offering a bounty. The CEO noted that every security incident is a learning opportunity, adding that the exploit will help strengthen the exchanges security.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts used only for liquidity provisioning on a partner exchange was compromised due to a& pic.twitter.com/L1kZhjKAxQ
Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
In an incident report published on July 20, CoinDCX said the internal operational account was compromised due to a sophisticated server breach that allowed unauthorized access to the affected account.
The report added that the breach enabled the attacker to penetrate its liquidity infrastructure. CoinDCX, however, noted that the compromised infrastructure was quickly isolated and the exchange is operating normally.
The report disclosed that the stolen funds went through multiple accounts before being concentrated in two accounts
Working With Globally Reputed Agencies
The hacked crypto exchange noted that its still working with two globally reputed security agencies to provide a detailed forensic report. It also disclosed that it has reported the incident to the Indian Computer Emergency Response Team (CERT-In), the countrys national agency tasked with responding to computer-related security incidents.
The CoinDCX hack comes roughly a year after the exchange unveiled a customer protection fund to compensate hack victims. It also comes a year after WazirX , another Indian exchange, lost $230 million in a hack.
With CoinDCX not explicitly offering the hacker a bounty, it remains to be seen whether itll manage to recover the funds.
