Crucially, the company stressed that customer assets were not affected.
“Today, one of our internal operational accounts — used only for liquidity provisioning on a partner exchange — was compromised due to a sophisticated server breach,” said Sumit Gupta, Co-founder and CEO, in a post on X. “I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe.”
The breach was quickly contained. According to Gupta, the compromised account was isolated from the rest of the system, limiting the damage. “Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us — from our own treasury reserves,” he added.
CoinDCX takes full responsibility
CoinDCX has said it will bear the entire loss from its own funds, assuring users that they won’t be impacted financially.
“This won’t cause any loss to our customers,” Gupta said. “CoinDCX will be bearing the full amount.”
Co-founder Neeraj Khandelwal confirmed the same and noted that protecting user assets was the company’s top priority from the outset. “Coindcx Treasury will be bearing these losses. Our first and foremost objective throughout the day has been to first secure assets,” Khandelwal said.
Services remain operational
Despite the scale of the breach, CoinDCX maintained that all platform services remain stable. Trading and INR withdrawals have continued without disruption.
Gupta reassured users, “No customer funds have been impacted. Your assets remain completely safe and protected in our secure cold wallet infrastructure.”
Still, some users reported issues accessing their portfolios after the breach. Khandelwal explained that this was due to a spike in server traffic following the announcement. “We have significantly enhanced the server capacity to serve users,” he later confirmed.
How the hack played out
While CoinDCX did not release the precise figures initially, blockchain sleuth ZachXBT and cybersecurity firm Cyvers flagged unusual activity before the exchange’s public disclosure. ZachXBT estimated the stolen amount at around $44.2 million. The stolen stablecoins, USDC and USDT, were first moved from Solana to Ethereum. They were routed through Tornado Cash, a service often used to obfuscate blockchain transactions.
The attacker reportedly funded their wallet with 1 ETH via Tornado Cash before initiating the theft, a detail that has complicated efforts to trace the full path of the stolen funds.
ZachXBT raised alarms nearly 17 hours before CoinDCX went public with the incident. The delay in disclosure has drawn mixed reactions from the crypto community.
Strengthening security posture
In the wake of the breach, CoinDCX is working closely with external cybersecurity experts and the affected partner exchange. Gupta confirmed that an internal investigation is underway to trace the flow of funds and fix any system vulnerabilities.
“Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds,” said Gupta.
He added that the company will soon launch a bug bounty programme to uncover and address hidden threats. “Every security incident is a learning and we will learn from this and further strengthen our platform. More importantly, this is our time to win this war against cyberthreats in the industry and we commit to work together with experts to secure our industry.”
Broader industry context
The CoinDCX breach comes almost exactly a year after another Indian exchange, WazirX, suffered a major cyberattack. That incident, in July 2024, resulted in a loss of around $230 to $235 million in customer assets. WazirX responded by halting all withdrawals and deposits, and later offered a partial compensation strategy that drew criticism.
In contrast, CoinDCX has committed to absorbing the full damage internally, sparing its users from any loss.
Founded in 2018, CoinDCX currently claims over 16 million users. It recorded a spot trade volume of $492 million in May 2025, with Bitcoin and Ethereum leading the transactions.
So far, regulatory bodies have not issued any statement on the breach. But with the scale of losses and growing concerns around crypto security, many in the industry believe this incident could prompt tighter oversight.
“I understand incidents like this can be unsettling — even when customer assets are unaffected,” said Gupta. “That’s why I am sharing this incident with you with full transparency.”
He closed his remarks by thanking users for their trust and said the company will continue sharing real-time updates as the situation evolves.
