India's largest cryptocurrency exchange, CoinDCX, has confirmed a major security breach in which hackers hacked approximately $44.2 million in cryptocurrencies from one of its internal operating accounts.
The co-founder and CEO of CoinDCX, Sumit Gupta, revealed the incident on Saturday with a post on X, stating that customer funds were not involved in the breach.
Hi everyone,
- Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts - used only for liquidity provisioning on a partner exchange - was compromised due to a... pic.twitter.com/L1kZhjKAxQ
The compromised account was "only used to provide liquidity on an exchange partner". Gupta explained that because customer assets are stored separately from operational accounts, the exposure to this specific account and the resulting loss are fully covered by CoinDCX's treasury funds.
CoinDCX also confirmed that the loss was initially reported by crypto security researcher ZachXBT, who also pointed out that the hacker embezzled the equivalent of $44.2 million in crypto. ZachXBT's Telegram channel revealed that the hacker's address received 1 Ethereum (ETH) from Tornado Cash and subsequently transferred part of the stolen funds from the Solana blockchain to Ethereum.
CoinDCX confirmed the amount of the loss, explaining that the funds were transferred through bridge Solana-Ethereum and centralised in 4,443 Ethereum and 155,830 Solana, which are currently inactive. The exchange, which is registered with India's Financial Intelligence Unit (FIU) and has over 16 million users, is working with the CERT-In (India's Computer Emergency Response Team) and its exchange partner to further analyse the incident.
"The incident was quickly contained by isolating the compromised operational account," Gupta added. "We understand that these are unfortunate events, which can undermine user confidence, but we want to reassure our customers that their assets were not affected by this incident. We are working with our partner to freeze and recover the misappropriated funds."
CoinDCX also launched a "recovery bounty" programme on Monday, offering up to 25% of the recovered funds to anyone who can help identify and trace the stolen funds. "It is of paramount importance to identify and apprehend these attackers," said Gupta. "We hope to work with all security researchers to make it extremely difficult for hackers to carry out breaches like this in the industry."
CoinDCX offers access to over 500 crypto assets and this breach comes almost a year after the discovery of a $230 million attack on WazirX, another Indian exchange. The two events could be connected, although CoinDCX made no reference to this.
