CoinDCX Hack: ₹366 crores stolen, CEO said – ‘Server Breach’ caused a big exploit, the company will cover the loss itself | Hinglish News Article
One of India’s largest crypto exchanges, CoinDCX, fell victim to a major cyber attack this week, in which about $44 million (about ₹366 crores) was lost. The company’s CEO Sumit Gupta has blamed a “sophisticated server breach” behind this exploit. However, the relief is that the customers’ funds are safe and CoinDCX is claiming to cover this loss from its treasury.
ZachXBT first disclosed
The attack took place in India on Saturday morning, but CoinDCX reported it about 17 hours later, when well-known blockchain investigator ZachXBT made this exploit public on Twitter (X). ZachXBT manually tracked the wallet to which the funds were moved and reported that it was linked to CoinDCX.
According to him, the hacker first sent 1 ETH from Tornado Cash, then bridged some of the stolen funds from Solana to the Ethereum network.
CEO assured to cover the loss on behalf of the exchange
Within 10 minutes of ZachXBT’s post, CoinDCX CEO Sumit Gupta confirmed the attack on Twitter, saying that it was a server breach targeting a liquidity provisioning account on a partner exchange. He clarified that CoinDCX’s wallets where customer funds are kept are completely safe.
Sumit Gupta said:
“We are working with the exchange partner to block and recover the assets. A Bug Bounty Program will also be launched soon.”
After WazirX, CoinDCX became the victim
This attack comes exactly a year after a major cyber attack of $230 million (₹1,915 crores) on WazirX, another major crypto exchange in India, in July 2024. At that time, North Korea’s Lazarus Group was held responsible. Whether the same group is behind the CoinDCX exploit or not has not been confirmed yet.
The company has only $7 million recovery fund
A fund was already created by CoinDCX to compensate users in case of breach, but its value is only $7 million. As of June 2025, CoinDCX has total holdings of $584.2 million and about 2 crore registered users.
CoinDCX has already been in controversies regarding withdrawal policy
CoinDCX’s withdrawal policy has already been in controversies. Customers cannot directly withdraw their crypto assets from this exchange unless they pass an internal review.
In a Reddit AMA in May, CEO Sumit Gupta said:
“Crypto withdrawals are not enabled by default as it may pose a risk of illicit fund movement. But we enable it for users who pass our internal risk assessment and enhanced due diligence.”
Setback amid expansion
CoinDCX acquired Dubai-based platform BitOasis in July 2024 and took steps towards international expansion. The company became India’s first crypto unicorn in 2021, and its value reached $2.15 billion in 2022.
What’s next?
CoinDCX is currently working with experts to recover funds and investigate the attack. Although customer funds are safe, the loss of such a large amount definitely raises questions about the company’s security practices. Will CoinDCX be able to overcome this incident and win back the trust of users? It will be interesting to see this in the coming weeks.
Conclusion:
This hack has once again shown that even the big crypto platforms in India are not completely safe. After WazirX, this case of CoinDCX shows that strict cybersecurity and transparency have become necessary for the crypto industry. CoinDCX’s next step and its recovery strategy will determine the future of this exchange.