CoinDCX Loses INR 378 Crore in Security Breach, Says Customer Funds Are Safe
CoinDCX, one of India’s leading cryptocurrency exchanges, confirmed a major security breach on Saturday, resulting in a loss of over INR 378 crore (approximately $44 million). The attack targeted an internal operational account used for liquidity on a partner exchange, the company said.
In a public statement issued by co-founders Sumit Gupta and Neeraj Khandelwal, the exchange clarified that the breach had no impact on customer wallets or assets. The losses, they said, would be fully absorbed by the company’s treasury reserves.
“This was a sophisticated server-side breach. One of our internal operational accounts completely separate from customer wallets was compromised,” Gupta posted on X (formerly Twitter). “User funds are safe. This incident will not affect any customers.”
Delay in Disclosure Raises Questions
The breach first came to light when blockchain investigator ZachXBT flagged the incident on his Telegram channel early Saturday morning. CoinDCX acknowledged the incident nearly 17 hours later, drawing criticism from some in the crypto community for the delay.
Also Read:- Bitget Wallet, Mastercard & Immersve Launch Zero-Fee Crypto Card for Global Payments
In response, co-founder Neeraj Khandelwal explained that the company chose to prioritise security over speed. “We wanted to secure our infrastructure first before making a public statement. The safety of our users comes first,” he said.
Systems Temporarily Disrupted
In the hours following the announcement, CoinDCX experienced a surge in activity, with some users reporting difficulty accessing account balances. The company said its portfolio APIs had briefly gone down due to high traffic but were fully restored later in the day. Trading, INR deposits, and withdrawals continued to function normally throughout.
To ease customer concerns, CoinDCX clarified that INR withdrawals up to INR 5 lakh would be processed within five hours, while larger transactions would be completed within 72 hours.
Investigation Underway
The exchange has launched a detailed investigation in collaboration with two global cybersecurity firms. It has also reported the incident to India’s Computer Emergency Response Team (CERT-In). Preliminary findings suggest the attackers exploited a vulnerability in a hot wallet used exclusively for operational liquidity, not for storing customer funds.
Also Read:- Amber International Boosts $100M Crypto Reserve with Fresh $25.5M Raise
CoinDCX also plans to introduce a bug bounty programme to further bolster its defences. “We’re working closely with our cybersecurity partners and the affected exchange to trace and recover the stolen funds,” Gupta added. He promised transparency as the investigation progresses.
A Wake-Up Call for Indian Crypto Platforms
The incident adds to a growing list of security breaches in India’s crypto sector. Last year, WazirX, once the country’s largest exchange, suffered a hack that cost it over INR 1,965 crore. Both incidents highlight the persistent vulnerability of hot wallets and underscore the importance of security-first architecture in decentralised finance.
While reactions online were mixed some lauded the company’s decision to protect user funds, others questioned the communication delay the consensus remains clear: transparency and robust risk frameworks are now non-negotiable for crypto exchanges seeking long-term credibility in India.
Disclaimer: This post is for general informational purposes only. It does not constitute financial advice. Please consult a qualified professional before making financial decisions.
