Indian cryptocurrency exchange CoinDCX has reported a significant security breach, resulting in a loss of approximately ₹378 crore ($44.2 million). The breach, which occurred on July 19, 2025, at approximately 4:00 AM IST, involved unauthorized access to an internal operational account used for liquidity provisioning on a partner exchange.

CoinDCX founders, Sumit Gupta and Neeraj Khandelwal, addressed the situation via social media, assuring users that the wallets used to store customer assets were not affected and remained secure. Gupta confirmed the breach stemmed from a "sophisticated server attack" targeting an internal wallet. Khandelwal added that the company's treasury would bear the full amount of the losses.

The company has taken measures to isolate the affected infrastructure, ensuring that platform operations function normally. Trading activities and INR deposits and withdrawals continue without disruption. CoinDCX has clarified that INR withdrawals below ₹5 lakh would be processed within 5 hours, while those above ₹5 lakh would be completed within 72 hours. As a precaution, CoinDCX temporarily paused its Web3 trading platform but has since resumed normal operations.

The incident was initially flagged by blockchain investigator ZachXBT, prompting CoinDCX to make the breach public. Some criticism has been directed at the exchange due to an approximately 17-hour delay in disclosing the incident. However, the company's decision to protect user assets has also been commended.

In response to the breach, CoinDCX has reported the incident to the Indian Computer Emergency Response Team (CERT-In) and has initiated forensic investigations in collaboration with two globally recognized cybersecurity firms. The company has committed to publicly sharing the findings of these investigations. CoinDCX is also closely monitoring wallet activity with the assistance of global blockchain analytics partners.

This is not the first time an Indian crypto exchange has been targeted; WazirX experienced a major hack in July 2024, resulting in losses exceeding ₹1,965 crore (USD 230 million). CoinDCX's move to absorb the financial impact is in contrast to WazirX, which faced criticism for delayed withdrawals and communication during their incident.

Reactions to the CoinDCX breach have been varied. Some social media users have expressed concern over the delay in disclosing the incident, while others have praised the company's responsible approach to ensuring user funds' safety and absorbing the losses. Roshan Aslam, Co-founder & CEO of GoSats, called the incident "highly unfortunate" but noted that the CoinDCX team was quick to recover the $44 million loss from its treasury.