On July 19, 2025, CoinDCX, one of India’s largest cryptocurrency exchanges, disclosed a significant and sophisticated server breach that resulted in approximately $44.2 million (₹378 crore) being drained from an internal operational wallet. CEO Sumit Gupta explained on social media that attackers compromised a server-linked liquidity provisioning wallet, not user wallets, confirming that cold storage and customer funds were safe and unaffected.
Blockchain security firms traced the stolen assets and found the attacker moved about 4,443 ETH (~$15.7M) and 155,830 SOL (~$27.6M) through cross-chain bridges and Tornado Cash to obscure their trail.
“Today, one of our internal operational accounts used only for liquidity provisioning on a partner exchange was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won’t cause any loss to our customers. CoinDCX will be bearing the full amount,” co-founder Sumit Gupta wrote on X, confirming the breach.
ZachXBT flagged suspicious activity nearly 17 hours before CoinDCX publicly acknowledged the hack.
In immediate response to the breach, CoinDCX temporarily suspended Web3 trading to contain exposure, while ensuring INR-based trading and withdrawals continued smoothly.
The company confirmed it will fully absorb the losses using treasury reserves and stated that all customer assets remain untouched.
CoinDCX also engaged cybersecurity experts, reported the breach to CERT-In, and launched an internal investigation. Plans are underway to roll out a bug bounty program to identify and rectify future vulnerabilities.
Why Security Must Go Beyond On‑Chain Audits
This breach highlights a critical lesson: a crypto exchange’s security posture extends far beyond smart contracts and cold wallets. In this case, attackers exploited backend infrastructure vulnerabilities, likely stemming from misconfigured servers, compromised deployment pipelines, or inadequate internal access controls. Even robust on-chain defenses were bypassed.
As centralized platforms like CoinDCX manage billions in assets and attract regulatory attention, they must adopt zero‑trust architectures, conduct full-stack security audits, and monitor operational systems in real time. Exchange security is no longer just about wallet integrity; it encompasses complete infrastructure resilience.
FAQs
Q1: How much was stolen?
Approximately $44.2 million (₹378 crore) was stolen from an internal operational wallet.
Q2: Were user funds affected?
No. Customer assets remain safe in segregated cold wallets, and withdrawals in INR continued uninterrupted.
Q3: How did CoinDCX respond?
They suspended Web3 trading, engaged security partners, reported to CERT-In, and pledged to absorb the losses.
Q4: What vulnerabilities did it expose?
The incident underscores how backend server infrastructure and access controls are vulnerable to exploitation, highlighting the need for holistic security strategies.
Q5: What’s next for CoinDCX?
CoinDCX is implementing operational security improvements, launching a bug bounty program, and working with experts to enhance server and deployment protections.