Sumit Gupta, CEO of CoinDCX
Cryptocurrency exchange CoinDCX lost around $44 million (around ₹379 crore) out of its treasury assets on Saturday after one of its internal operational accounts was compromised due to a “sophisticated server breach.” The company said its Treasury will be bearing these losses, it said on its X handle that all customer assets are safe.
“All the customer assets are safe and the trading activity plus the INR withdrawals continue unhindered. Crypto withdrawals for those its enabled also continue to operate Business as usual. Working with multiple Crypto forensics agency to recover lost funds from our Treasury,” said Neeraj Khandelwal, Co-Founder of CoinDCX.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
The effected account, used for liquidity provisioning on a partner exchange, was isolated from other customer wallets. Sumit Gupta, CEO of CoinDCX, added that the company is actively working with exchange partners to block and recover assets including via a bug county program very soon. Even so, by Sunday afternoon, Khandelwal reported ₹31,462 withdrawal requests of which 98.09 per cent were processed. Entire backlog is getting cleared rapidly.
Gupta asked that while INR withdrawal are possible at any point, users should “panic sell” assets as that can leads to poor prices and unnecessary losses. Khandelwal too said that while USDT price on CoinDCX had begun fluctuating, users shouldn’t sell you assets at lower prices and let arbitragers bring the price back up.
According to Aishwary Gupta, Global Head of Payments at Polygon Labs, “The CoinDCX incident is a sobering reminder that no platform is immune to evolving cyber threats. While it’s commendable that user funds remained safe, this highlights the urgent need for industry-wide adoption of real-time monitoring, rigorous smart contract audits, and transparent incident disclosures. Security and user trust must go hand-in-hand as we build the next generation of financial infrastructure.”
Exactly a year ago in July, crypto exchange WazirX had also reported of a major hacking attack that cost the company a loss of $234.9 million, around ₹2,000 crore. Following the incident, WazirX Founder Nischal Shetty while speaking to businessline advised the general public not to get involved in cryptocurrency if security is a major concern, stating that theft is an actual risk, as is volatility of the value.
“Web3 exchanges need to have institutional grade security as hackers time and again have reinforced the belief that no exchange is off limits for them. Custody and security of funds is Achilles heel for exchanges. The alacrity and transparency in which Coindcx addressed the users deserves appreciation. Exchanges should prioritize investments in cyber security to restore user trust,” said Sharat Chandra, Founder – EmpowerEdge Ventures, a platform which helps fintech and web3 startups in their 0 to 1 journey, market access and growth.
Now, jarred by this second crypto attack within a year, crypto customers are taking to social media asking why CoinDCX took 17 hours before announcing the hack, whether the company has ₹400 crores profit to pay back users, etc.
Gupta responded to some of these queries by stating, “We were in the midst of a thorough investigation and were advised to publish details after having full clarity. Our team was finalizing and was ready with the comms and taking security approvals — the timing of Zach’s tweet [the first tweet flagging the incident] was purely coincidental.”
Published on July 20, 2025
