CoinDCX hit by $44.2 mn cyberattack on operational account; assures customer funds safe, operations normal

Almost exactly a year after India's then-largest crypto exchange WazirX, was hacked, resulting in the theft of crypto assets worth $235 million, India's second-largest crypto exchange CoinDCX, has confirmed one of its internal operational accounts was compromised by a cyberattack on Thursday, leading to the theft of $44.2 million. However, the company has clarified that customer funds are completely safe and all trading activity and INR withdrawals are fully operational.

The Mumbai-based crypto exchange has said the compromised account was used "exclusively" for liquidity provisioning on a partner exchange. "Today, one of our internal operational accounts - used only for liquidity provisioning on a partner exchange - was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe," CoinDCX Co-founder, Sumit Gupta, said in a late-night post on X.

Operational breach, no customer impact; CoinDCX to absorb loss from treasury

The incident was also flagged by an ethical hacker, ZackXBT, on a forum, saying CoinDCX was drained for around $44.2 million almost 17 hours ago. Replying to a user's query on informing its customers 17 hours later, CoinDCX Co-founder Neeraj Khandelwal said the company wanted to "first secure the assets" before making any public announcement. "That's the most important thing and inform when we are confident of safety."

Khandelwal confirmed the total amount lost out of its treasury assets was $44 million, and that CoinDCX Treasury will bear these losses. "We continue to work hard to recover these lost assets. We will share all the information as more facts are validated."

He said that for the last 10 hours, the company has been working to first secure the assets before making any public announcement. "That's the most important thing, and to inform when we are confident of safety."

Gupta also said the company always believed in being transparent with its community. "Hence, I am sharing this with you directly...I would like to highlight that: No customer funds have been impacted; Your assets remain completely safe and protected in our secure cold wallet infrastructure; All trading activity and INR withdrawals are fully operational."

Gupta assured the incident was "quickly contained" by isolating the affected operational account. "Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us - from our own treasury reserves."

He also said the CoinDCX internal security and operations teams have been working throughout the day with leading cybersecurity partners to investigate the matter, patch any vulnerabilities, and trace the movement of funds. "We are collaborating with the exchange partner to block and recover assets, including coming out with a bug bounty program soon."

Time to win the war against cyberthreats: Sumita Gupta

He said every security incident is a learning and assured further strengthening of the platform. "More importantly, this is our time to win this war against cyberthreats in the industry, and we commit to work together with experts to secure our industry. I understand incidents like this can be unsettling, even when customer assets are unaffected. That's why I am sharing this incident with you with full transparency."

Gupta also assured the customers that the latest cyberattack will not cause any loss to any of the exchange's customers, and that CoinDCX will bear the full amount from its treasury reserves, which are "sufficiently healthy" to cover this amount. "We are still learning more about the details as I type this; the team is on war mode. Will keep you posted in real-time as we learn more!"

He also promised to share the investigation progress transparently.

Meanwhile, the company has not stopped trading and INR withdrawals on the crypto exchange, though it urged investors not to "panic sell." "(They) are fully operational and running smoothly. You can withdraw your INR anytime — without restrictions. A gentle reminder: Don’t panic sell your assets. It often leads to poor prices and unnecessary losses. Let the markets settle. Stay calm, stay confident," says Gupta.

Khandelwal assured the CoinDCX team is all hands working to firefight the situation and that it will get to the depths of the incident. "All the customer assets are safe, and the trading activity plus the INR withdrawals continue unhindered. Crypto withdrawals for those it's enabled also continue to operate Business as usual."

He said though the scale of this incident is not huge, the company will work hard to recover its funds. "We will share all the details of the incident as the team validates all the facts. Working with multiple crypto forensics agencies to recover lost funds from our treasury. We are supercharged to take CoinDCX to the next level, learning from this incident, and we will not let this incident go to waste."

Breach coincides with regulatory scrutiny 

The breach comes at a time when regulatory scrutiny and investor expectations around crypto security are intensifying in India. With the government expected to release its first crypto policy paper as early as this month, fund safety is likely to emerge as a key focus area in shaping regulations around digital assets.

The latest incident comes almost a year after WazirX, which was once India's biggest crypto exchange, faced a security breach where hackers siphoned off over $230 million in crypto assets due to compromised private keys linked to self-custodied wallets managed by the exchange.