Catenaa, Saturday, July 26, 2025- Indian cryptocurrency exchange CoinDCX suffered a $44 million security breach early Saturday, its CEO Sumit Gupta confirmed, attributing the incident to a “sophisticated server breach.”
Gupta assured customers that no user funds were compromised and pledged that the exchange will cover the losses from its treasury reserves.
The breach was first flagged about 17 hours after it occurred by blockchain analyst ZachXBT, who traced the stolen funds moving through wallets linked to CoinDCX.
The attacker reportedly used Tornado Cash to obscure the trail and transferred part of the funds between Solana and Ethereum networks.
Gupta explained the breach compromised an account used for liquidity provisioning on a partner exchange, but the wallets holding customer assets remained secure.
He also announced cooperation with the partner exchange to block and recover stolen assets and plans for a bug bounty program.
The hack marks a significant setback for CoinDCX, which became India’s first crypto unicorn in 2021 and has expanded internationally, acquiring Dubai-based BitOasis last year.
This incident echoes last year’s massive $230 million hack of WazirX, another major Indian crypto exchange. That breach was attributed to North Korea’s Lazarus Group, though it remains unclear if the same actors are responsible for the CoinDCX exploit.
CoinDCX maintains strict withdrawal policies to mitigate illicit fund movement, and its security framework includes multiple wallets, custodians, and a compensation fund valued at $7 million.
