The company stated that no customer funds were compromised, and it will cover the loss from its own treasury
India’s largest cryptocurrency exchange, CoinDCX, has confirmed it suffered a major security breach on 19 July, resulting in the loss of approximately Rs 378 crore from one of its internal operational accounts. The company stated that no customer funds were compromised, and it will cover the loss from its own treasury.
According to CoinDCX, the attackers exploited vulnerabilities in its liquidity infrastructure, which supports trading activities with partner platforms. The breach was confined to a single internal account, which was structurally separated from customer wallets and exchange operations. The compromised funds were routed through the Solana–Ethereum bridge using the Wormhole protocol and swap aggregator Jupiter, before being moved into a single Ethereum wallet holding over 4,400 ETH.
The suspicious transactions were first flagged by blockchain investigator ZachXBT, prompting CoinDCX to initiate a review. Seventeen hours later, the company publicly acknowledged the breach, stating that it had isolated the affected account and that normal trading and banking operations had continued without disruption.
Though withdrawals temporarily slowed, especially for larger sums, CoinDCX said transactions under Rs 5 lakh were processed within five hours and higher amounts within 72 hours. A brief delay in the portfolio API caused some user confusion, but systems were restored shortly thereafter.
The exchange has lodged a police complaint and informed the Indian Computer Emergency Response Team (CERT-In). Two global cybersecurity firms have been engaged to carry out a forensic investigation, and CoinDCX has also launched a bug bounty programme to identify and patch any remaining vulnerabilities.
The incident comes a year after a cyberattack on rival exchange WazirX, where nearly Rs 1,965 crore was stolen from customer wallets, leading to widespread service disruptions. In contrast, CoinDCX’s handling of the breach has drawn cautious praise for its transparency and for ensuring customer assets remained untouched.
Nonetheless, the breach has raised fresh concerns about the resilience of India’s crypto infrastructure. Security experts say that even with customer funds held in cold storage and segregated systems in place, operational accounts remain attractive targets for sophisticated cybercriminals. The episode underscores the urgent need for stronger industry-wide protocols and real-time threat monitoring in the country’s fast-evolving digital asset market.
