Crypto Journalist
Amin Ayan
Crypto Journalist
Amin Ayan
Share
Indian crypto exchange CoinDCX has confirmed a major security breach that resulted in the loss of $44 million.
Key Takeaways:
- CoinDCX suffered a $44 million hack caused by a server breach.
- The attack was first flagged by blockchain analyst ZachXBT.
- The breach follows the 2024 WazirX incident linked to North Korea’s Lazarus Group.
The exploit took place early Saturday morning and was first identified nearly 17 hours later by blockchain investigator ZachXBT, who linked the compromised wallet to CoinDCX.
“The attacker address was funded with 1 ETH from Tornado Cash and later bridged a portion of the stolen funds from Solana to Ethereum,” ZachXBT wrote on Telegram.
CoinDCX Confirms Security Breach
Shortly after ZachXBT’s post, CoinDCX CEO Sumit Gupta acknowledged the hack, blaming it on a “sophisticated server breach” that compromised an internal account used for liquidity provisioning on a partner platform.
Gupta stressed that customer funds were not affected and that the company would cover the losses from its treasury.
“We are collaborating with the exchange partner to block and recover assets, including coming out with a bug bounty program soon,” Gupta stated.
He added that the CoinDCX wallets used for customer asset storage were untouched and “completely safe.”
The incident comes almost exactly a year after the high-profile WazirX hack, which forced the platform offline and ultimately led to the collapse of its proposed restructuring plan.
The Lazarus Group, a North Korea-linked hacker syndicate, was later linked to that attack. So far, no group has claimed responsibility for the CoinDCX breach.
Founded in 2018, CoinDCX rose to unicorn status in 2021 after raising $90 million at a $1.1 billion valuation.
A year later, it raised another $135 million, pushing its valuation to over $2 billion. In July 2024, the firm acquired Dubai-based crypto platform BitOasis, signaling international growth ambitions.
CoinDCX Faces Criticism Over Withdrawal Policies
Despite its rapid rise, CoinDCX has faced criticism over its withdrawal policies.
The platform does not allow crypto withdrawals by default, requiring users to undergo internal risk assessments to unlock the feature.
Gupta defended the practice in a Reddit AMA earlier this year, citing concerns over illicit fund movement.
Ironically, in the same session, Gupta had expressed confidence in CoinDCX’s security protocols, pointing to its fund safeguarding measures, proof of reserves, and a $7 million insurance pool set aside to protect users in case of a breach.
As of June, CoinDCX reported total holdings of $584.2 million and nearly 20 million registered users.
Crypto investors lost over $2.2 billion to hacks, scams, and breaches in the first half of 2025, driven largely by wallet compromises and phishing attacks, according to CertiK’s latest security report.
Wallet breaches alone caused $1.7 billion in losses across just 34 incidents, while phishing scams accounted for over $410 million across 132 attacks.
Two major incidents, including Bybit’s $1.5 billion hack in February and Cetus Protocol’s $225 million exploit in May, skewed the year’s losses upward, together accounting for nearly $1.78 billion.
