In what appears to be one of India’s most notable crypto breaches this year, CoinDCX confirmed a massive security incident that led to a loss of $44.2 million (₹368 crore) from its corporate treasury.
The breach, disclosed on July 19, sent ripples through the local crypto ecosystem. It also drew uncomfortable parallels with the WazirX hack that took place almost exactly a year earlier.
While CoinDCX was quick to reassure users that customer assets remained untouched, the broader implications of this breach go far beyond technical vulnerabilities. It marks yet another reminder of how even the most established players in India’s digital asset space remain susceptible to sophisticated attacks. It also raises fresh questions about how crypto platforms are securing internal infrastructure in an increasingly hostile cyber landscape.
A Precise Strike: What We Know About the Hack
The breach originated from unauthorized access to an internal operational wallet, specifically, one used for liquidity provisioning on a third-party partner platform. CoinDCX confirmed that the compromised wallet was isolated from customer funds. But what made this attack notable was its precision.
The stolen assets were reportedly moved using cross-chain bridges, particularly between Solana and Ethereum, a route increasingly favored by hackers due to its decentralized and trace-obscuring nature. Blockchain analysts tracking the movement noted that the attackers eventually consolidated the assets into 4,443 ETH (approx. ₹130 crore) and 155,830 SOL (approx. ₹238 crore). The funds, as of the latest update, remain idle on-chain.
The breach was discovered late on July 18, but the company made it public on July 19. CoinDCX Co-founder and CEO Sumit Gupta emphasized that while user funds were safe, the firm was treating this breach as an inflection point.
Immediate Response: From Damage Control to Transparency
In the hours following the hack, CoinDCX took several immediate steps:
- Isolated the compromised wallet and moved remaining reserves to secure cold storage
- Notified CERT-In, India’s official cybersecurity coordination agency
- Engaged with global blockchain security firms to track and potentially freeze the stolen assets
- Initiated a full forensic investigation, promising transparency once the probe concludes
The platform temporarily experienced downtime on July 20, which the company attributed to server overload, likely from users trying to access and withdraw funds. CoinDCX has since scaled its infrastructure to stabilize performance.
By July 21, the company rolled out a recovery bounty program. The program offers up to 25% of recovered funds (which could total nearly ₹92 crore) to ethical hackers, white-hat researchers, or entities that assist in retrieving the assets or identifying the perpetrators.
This bounty isn’t just a standard post-hack gesture; it reflects a shift toward community-enabled security, a practice gaining traction globally.
“It’s not just a bug bounty; it’s a call for collective action to protect crypto,” a spokesperson said.
CoinDCX also reiterated that it had absorbed the loss entirely through its corporate treasury, ensuring no user reimbursements or halts in services were needed.
One Year, Two Hacks: Is There a Pattern?
For those watching closely, the CoinDCX breach wasn’t just shocking; it was strangely familiar.
Why it feels familiar and why it is fueling fears
On July 19, 2025, CoinDCX confirmed the hack from its corporate treasury. The news sent ripples across the community, but for many veterans of the space, it wasn’t just the loss that raised eyebrows. It was the date.
Exactly one year earlier, on July 18, 2024, WazirX, CoinDCX’s biggest competitor, suffered one of India’s largest crypto heists, losing over $230 million. And now, precisely a day after the first anniversary of that breach, another exchange falls in eerily similar fashion.
The coincidences don’t end with the calendar.
In both cases, users had started noticing withdrawal delays in the weeks leading up to the breach. Both exchanges cited regulatory reasons like AML/CFT compliance. And in both incidents, suspicions quickly turned toward the Lazarus Group, the North Korean-backed hackers often linked to high-profile crypto exploits.
But there’s another angle that’s made this feel like more than just déjà vu: a pattern of pre-hack maneuvering that looks almost too deliberate.
In CoinDCX’s case, users were already raising red flags before the hack. Without warning, the exchange delisted over 100 margin trading pairs, reportedly forcing users to exit into USDT at unfavourable rates. Around the same time, support emails were disabled, and the company began pushing users to a chatbot. In hindsight, it all felt like a script being followed, one that insiders say looks remarkably like what happened at WazirX.
Now, an anonymous source familiar with the situation has come forward with an explosive claim. One that paints the CoinDCX breach not as an isolated cyberattack, but as the culmination of internal damage control.
“CoinDCX is following the same steps that WazirX did prior to the hack. First, they stopped crypto withdrawals, giving excuses like AML/CFT guidelines by FIU; recently they stopped email ID support@coindcx.com and asked users to use the Chatbot. In Dec 2024, CoinDCX was among the top exchanges with unpaid GST dues to the government. Seems they might be having liquidity issues.
“Changed User Agreement in Feb 2025, allowing themselves sweeping rights to delist coins. On 19th June 2025, they started delisting coins without user consent; it is a much easier and legal way than doing a hack. Delist coins when the market is down and force users to get USDT at a low market rate by swapping the delisted coins with Binance in return for USDT.
“All the money CoinDCX made through delisting coins without user consent, they will use to compensate themselves for this so-called hack?!?!”
– Exclusive quote shared anonymously with The Crypto Times
Both breaches:
- Targeted internal operational wallets, not customer funds.
- Involved cross-chain movements using Solana and Ethereum bridges.
- Have been tentatively linked to North Korea’s Lazarus Group, one of the most notorious state-sponsored hacking collectives.
Here’s a side-by-side look:
| Feature | WazirX Hack (2024) | CoinDCX Hack (2025) |
|---|---|---|
| Date of Hack | July 18, 2024 | July 19, 2025 |
| Loss Amount | ~$230–$235 million (₹1,930–₹2,000 crore) | $44.2 million (₹368 crore) |
| Targeted Wallet Type | Liquidity and hot wallets | Internal operational wallet |
| Method Used | Cross-chain bridges, Tornado Cash mixers | Solana-Ethereum bridge exploitation |
| Funds Transferred | Primarily ETH, SOL, USDT | ETH and SOL |
| Suspected Perpetrator | Lazarus Group | Lazarus Group |
| User Funds Impact | Some user exposure | No user exposure |
| Public Disclosure | Delayed over days (almost a year); partial relief | Within 48 hours; transparent bounty |
| Recovery Approach | Limited reimbursements | Bounty plus full treasury absorption |
| Disclosure Speed | Delayed by several days | Approx. 17–18 hours post-detection |
Given the nature and timeline of both incidents, industry insiders believe these attacks are far from coincidental.
Regulatory Echoes and Industry Impact
The CoinDCX hack is expected to revive regulatory scrutiny, especially around operational wallet security and cross-chain liquidity provisioning. While India doesn’t have a defined legal framework for crypto, CERT-In’s involvement may spark recommendations for higher compliance standards.
This comes at a time when Indian exchanges are trying to regain momentum amid a broader crypto winter, tightened tax laws, and recent global regulatory crackdowns.
CoinDCX, founded in 2018, boasts over 16 million registered users and processed $492 million (₹4,100 crore) in spot trading volume in May 2025 alone. A breach of this magnitude on such a platform underscores the urgency for smarter risk infrastructure.
“We’ve built with intent, and we’ll rebuild stronger,” Gupta said in his post, signaling this moment as a turning point, not just for CoinDCX, but for the entire Indian Web3 space.
Meanwhile, smaller Indian exchanges are reportedly ramping up internal audits, rechecking operational wallet exposure, and reviewing insurance policies, many of which don’t currently cover internal wallet breaches.
Not a Cry for Help; A Call for Reinvention
CoinDCX’s tone post-hack has been notably different from how WazirX handled its breach. While WazirX received criticism for a lack of transparency and unclear reimbursement policies, CoinDCX’s upfront communication and its recovery bounty have earned it cautious praise.
Still, the incident adds to a growing list of security failures in the crypto world, from Euler Finance to Atomic Wallet, and shows how creative hackers have become in exploiting infrastructure that wasn’t even a consideration five years ago.
As CoinDCX continues its recovery efforts and the investigation unfolds, all eyes will be on three questions:
- Will they identify the perpetrators?
- How effectively can the stolen funds be traced and frozen?
- What systemic changes are implemented to prevent such attacks in the future?
Final Thoughts
The CoinDCX breach is more than a story of missing millions. It’s a red alert for India’s crypto future. If two of the country’s largest exchanges can be hit in nearly identical fashion, it’s time the ecosystem and regulators treat security not as a layer, but as the core.
Because next time, it may not be a corporate treasury that takes the hit.
