Indian crypto exchange CoinDCX has confirmed a $44 million hack, marking the second major cryptocurrency exchange breach in India within a year and raising fresh concerns over crypto security and regulation. The incident occurred on July 19, when attackers exploited a server-side vulnerability in one of CoinDCX’s internal liquidity provisioning accounts, which holds digital assets to support smooth trading operations.
In a joint statement, co-founders Sumit Gupta and Neeraj Khandelwal called the attack a “sophisticated breach” of the company’s infrastructure. However, they reassured users that customer funds remain completely safe. “All user assets are stored in secure cold wallets and are fully unaffected by this breach,” the company said, emphasizing that centralized trading, INR deposits, and withdrawals remain operational despite the temporary suspension of its Web3 services.
CoinDCX has pledged to cover the entire $44 million loss from its corporate treasury, ensuring no impact on user balances. The company has also deployed its internal security team and engaged leading cybersecurity firms to investigate the breach, trace stolen funds, and work with partner exchanges to freeze illicit transfers.
Additionally, CoinDCX plans to launch a bug bounty program aimed at identifying vulnerabilities and bolstering its infrastructure against future attacks.
This latest incident, following the 2024 WazirX breach, highlights the mounting risks for India’s crypto sector amid growing adoption. With regulators already scrutinizing digital asset platforms, the breach is expected to intensify calls for stricter security mandates and oversight to protect investors and build confidence in India’s emerging crypto ecosystem.
