Synopsis- Indian cryptocurrency exchange CoinDCX suffered a devastating security breach early Saturday, July 19th. Unauthorized attackers stole approximately ₹378 crore ($44.2 million) from the company.
As a result, this incident represents one of India’s largest crypto thefts. The hack occurred at precisely 4:00 AM IST. However, CoinDCX swiftly assured users their personal funds remained untouched. The targeted account was purely internal, used only for liquidity management on a partner platform. Blockchain investigator ZachXBT first flagged the suspicious transactions, prompting CoinDCX’s public disclosure nearly 17 hours post-attack.
Server Attack
Co-founders Sumit Gupta and Neeraj Khandelwal addressed the crisis on social media platform X. They confirmed the breach stemmed from a sophisticated server attack. Specifically, hackers compromised an internal wallet dedicated to exchange liquidity provisioning.
“Today, one of our internal operational accounts… was compromised,” Gupta stated clearly. He emphatically declared customer wallets completely safe. Moreover, Khandelwal revealed the exact loss: Rs. 378 crore ($44 million) from company treasury assets. CoinDCX will fully absorb this massive financial hit. Therefore, users bear absolutely no loss from this incident. The company filed an FIR confirming this protection for customers.
User Anxiety
News of the breach triggered immediate panic among CoinDCX’s vast user base. This was followed by a surge of withdrawal requests overwhelmed the exchange’s systems. Many users found portfolio APIs unresponsive for hours. These APIs display balances and transaction histories.
Naturally, this inability to view holdings fueled intense anxiety and online speculation. CoinDCX later confirmed restoring API functionality fully. Other platform operations continued largely unaffected. Trading, INR deposits, and withdrawals proceeded without disruption. The company clarified processing timelines: sub-Rs. 5 lakh withdrawals within 5 hours, larger sums within 72 hours.
Transparency Pledge
CoinDCX faces scrutiny over its 17-hour disclosure delay. Social media reactions remain sharply divided. One user criticized, “CoinDCX silent for 17 hours? That’s more suspense than a thriller!”. On the other hand, another praised, “Good to see CoinDCX acting responsibly… Sets a positive precedent.”
The company has isolated the compromised infrastructure completely. Furthermore, CoinDCX reported the incident to CERT-In immediately. They also initiated forensic investigations with two top global cybersecurity firms. CoinDCX committed publicly to sharing its findings transparently. This breach echoes a larger 2024 hack on rival WazirX, which lost Rs. 1,965 crore. CEO Sumit Gupta acknowledged the gravity, calling it “a stark reminder of evolving threats”. He pledged setting new security benchmarks for India’s crypto ecosystem, protecting its 1.6 crore registered users.
Written By Fazal Ul Vahab C H
