In July 2025, CoinDCX lost over $44 million in a major security breach.
The CoinDCX hack targeted one of the exchange’s internal liquidity wallets on a third-party platform. It was fast, calculated, and deeply disruptive.
The good news is that no customer funds were touched. All user assets stayed safe in cold storage.
But the attack still matters, a lot. This was one of the biggest crypto hacks India has seen since WazirX lost $230 million in 2024. And it showed just how vulnerable even large, well-funded exchanges can be.
So, what went wrong? Who pulled it off? What happens next? And what impact can this have on the broader crypto market?
Let’s break it down.
Key highlights:
- The CoinDCX hack in July 2025 resulted in the theft of over $44 million from an internal wallet.
- No user funds were lost, as all customer assets were stored in segregated cold wallets.
- The breach was caused by a social engineering attack targeting an employee’s work laptop.
- CoinDCX acted fast to isolate the breach, maintain platform operations, and launch an investigation.
- The company absorbed the full financial hit using its own reserves and offered an $11M recovery bounty.
- This hack highlights the growing threat of human-targeted attacks, and the need for stronger internal security.
How the CoinDCX hack unfolded
The attack happened fast, and it was no accident.
According to CoinDCX, the breach took place in mid-July 2025. Hackers gained access to an internal hot wallet that the exchange used to provide liquidity on a third-party platform. This wasn’t a user-facing wallet. It was part of CoinDCX’s backend infrastructure.
Before the actual theft, there was a test. On July 19, the attacker sent a tiny transaction, just 1 USDT, to make sure they had access. A dry run.
Then came the real move.
Within minutes, the hacker drained roughly $44.2 million worth of crypto. The majority of the stolen assets were Solana and Ethereum.
And they didn’t just take the funds and run. The attackers had a clear plan for laundering them.
- First, they bridged the funds from Solana to Ethereum using the Wormhole bridge.
- Then they routed the assets through a swap aggregator, most likely to break up the trail.
- Reports also suggest they used Tornado Cash, a popular crypto mixing tool, to make the funds even harder to trace.
The entire operation was fast, quiet, and carefully timed. Whoever was behind it seemed to know exactly what they were doing.
The phrase “CoinDCX hacked” quickly began trending across crypto Twitter, as analysts and users tried to make sense of how such a large exchange got breached.
How did it happen? A social engineering trap
The hackers didn’t break in through code. They got in through a person.
CoinDCX confirmed that the breach was caused by a sophisticated social engineering attack. In simple terms, the attacker didn’t need to break into a system. They manipulated someone on the inside to open the door for them.
For those unaware, social engineering is a type of cyberattack that targets people instead of systems. Attackers use tactics like impersonation, fake emails, or malware-infected links to trick someone into giving them access.
In this case, the attacker focused on a CoinDCX software engineer. At some point, the engineer was persuaded to download malware, possibly through a fake file, software update, or phishing email.
Once installed, the malware quietly collected login credentials from the engineer’s work laptop.
That gave the attackers direct access to backend systems and a wallet used for providing liquidity on a third-party exchange.
They didn’t need to hack smart contracts. They didn’t crack cold wallets. They just used the engineer’s legitimate access to move the funds out, quickly and quietly.
Police later arrested the employee, though there’s no public evidence that he was part of the scheme. It’s more likely he was the unwitting victim of a targeted scam.
The bottom line: no vulnerabilities in CoinDCX’s blockchain systems or user wallets were exploited. This was a human breach.
It’s a harsh reminder that no amount of tech can fully protect against social engineering. People need to learn to recognize and avoid scams.
What happened next? CoinDCX’s response
Once the attack began, the CoinDCX team moved quickly.
According to the exchange, their systems flagged an unusual transaction pattern shortly after the wallet was accessed. They traced the movement, identified the breach, and isolated the compromised account to stop the attacker from moving deeper into the infrastructure.
In their words, they acted to “immediately isolate the affected account and prevent lateral movement into other systems.”
Operations didn’t shut down. Trading and withdrawals stayed live the entire time. That helped prevent panic. But the hack did trigger a spike in user withdrawals, which briefly caused delays in processing some transactions.
This is where it got a little messy.
The hack occurred in the early hours of July 20. But CoinDCX didn’t publicly acknowledge it until about 17 hours later. That silence didn’t sit well with some users, especially on X (formerly Twitter), where rumors started to fly.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
Critics said the delay felt like a cover-up. Why wait?
CoinDCX’s leadership later explained that they needed to contain the breach, secure internal systems, and verify what actually happened before making a public statement. Their argument was that a rushed announcement could have made things worse.
Still, the gap caused some distrust. And it forced the exchange to do damage control not just on security, but on communication too.
Impact on users and the exchange
Let’s start with the most important part: user funds were safe.
CoinDCX was quick to confirm that no customer wallets were touched. All user assets were stored in segregated cold storage, far away from the compromised wallet.
The $44 million loss came entirely from the company’s own operational reserves.
That’s a big number. But CoinDCX says it was prepared.
The exchange claimed it holds over $100 million in treasury reserves and remains both profitable and financially strong. In fact, some investors reportedly offered to step in and help cover the losses. Interestingly, CoinDCX said no.
Still, the hack left a mark.
Even though users weren’t financially affected, confidence took a hit. The 17-hour delay before making the breach public led to questions about transparency. Some users felt left in the dark.
To address the backlash, CoinDCX held an open community session just days after the hack. Leadership walked users through exactly what happened, how they responded, and what they were doing to fix things.
How CoinDCX responded
Once the immediate threat was contained, CoinDCX shifted focus from damage control to recovery.
First, they launched a full investigation. The exchange brought in top cybersecurity firms, notified law enforcement, and began coordinating with CERT-In (India’s national cyber response team) to trace the attackers. They also worked with partner exchanges in case the stolen funds resurfaced elsewhere.
But the most fascinating move? A bounty.
CoinDCX announced what they called India’s largest crypto recovery bounty. They’re offering up to 25% (about $11 million) to anyone who helps recover the stolen assets, or identify those who are responsible.
They’re not letting this go quietly.
“Catching the attacker is more important than recovering the funds.”
—Sumit Gupta, CoinDCX CEO
On the technical side, the company started rebuilding its security architecture. That includes:
- Minimizing hot wallet exposure by moving more funds to cold storage
- Strengthening internal controls and backend access policies
- Upgrading monitoring systems to detect unusual activity faster
They also said they’re conducting a full audit of internal processes, particularly around employee access and device security. That was the exact weak point that allowed the breach to happen in the first place.
It’s important to make sure this doesn’t happen again.
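The 1 USDT test transfer followed by a large drain is a pattern that outbound-transfer rules on a hot wallet can key on. The sketch below is an added example, not CoinDCX's code; the class, the decision names, the thresholds and the sample transfers are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class HotWalletPolicy:
    """Hypothetical outbound-transfer rules for an operational hot wallet."""
    allowlist: set                                # destinations approved out of band
    probe_max_usd: float = 5.0                    # dust size typical of an access test
    unlisted_limit_usd: float = 1_000.0           # per-transfer cap for unlisted destinations
    probe_window: timedelta = timedelta(hours=24)
    probes: dict = field(default_factory=dict)    # destination -> time of first dust transfer

    def evaluate(self, ts, dest, usd):
        """Return 'allow', 'alert', 'hold' or 'freeze' for one transfer request."""
        if dest in self.allowlist:
            return "allow"
        if usd <= self.probe_max_usd:
            # Dust to an unlisted address: record it and notify the on-call team.
            self.probes.setdefault(dest, ts)
            return "alert"
        probe_ts = self.probes.get(dest)
        if probe_ts is not None and ts - probe_ts <= self.probe_window:
            # Probe-then-drain: a real transfer to an address that was just tested.
            return "freeze"
        if usd > self.unlisted_limit_usd:
            return "hold"                         # requires a second approver
        return "allow"

def replay(policy, transfers):
    """Run (timestamp, destination, usd) tuples through the policy in order."""
    return [policy.evaluate(ts, dest, usd) for ts, dest, usd in transfers]

# Constructed sample data: timestamps, addresses and amounts are illustrative only.
T0 = datetime(2025, 1, 1, 2, 0)
SAMPLE = [
    (T0, "partner-exchange-deposit", 250_000.0),                  # routine liquidity move
    (T0 + timedelta(hours=1), "unknown-addr-A", 1.0),             # dust test
    (T0 + timedelta(hours=1, minutes=10), "unknown-addr-A", 4_000_000.0),
    (T0 + timedelta(hours=1, minutes=11), "unknown-addr-B", 50_000.0),
    (T0 + timedelta(hours=2), "unknown-addr-C", 200.0),
]

if __name__ == "__main__":
    policy = HotWalletPolicy(allowlist={"partner-exchange-deposit"})
    for transfer, decision in zip(SAMPLE, replay(policy, SAMPLE)):
        print(decision, transfer[1], transfer[2])
```

The key design point is that the dust transfer itself raises an alert, so responders are engaged before the large transfer is attempted rather than after it settles.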
Exchange hacks in context: how bad was this?
As far as crypto hacks go, $44 million is no small hit. But it wasn’t the worst we’ve seen, not even in India.
Just last year, WazirX lost around $230 million in a breach that some reports linked to the Lazarus Group, a state-sponsored hacking team from North Korea. That attack forced WazirX to stop trading, and the recovery process dragged on for months.
By comparison, CoinDCX kept operations running, protected user funds, and covered losses internally. So while the dollar amount was high, the damage was quickly contained.
Globally, crypto exchanges have been a top target for years. In 2022 alone, hackers stole over $3.8 billion across various attacks. That number dropped to about $1.7 billion in 2023, but the threat is still very real.
In CoinDCX’s case, the hack didn’t seem to rattle the wider market. There was no major dip in token prices, and the exchange reported that trading activity stabilized quickly.
But there’s still a lesson here.
Each of these attacks chips away at user trust in centralized platforms. And every new incident is another reason for crypto investors to consider things like self-custody, hardware wallets, proof-of-reserve audits, and even crypto ETFs.
CoinDCX may have handled this well. But no exchange is immune. And users know that. As you can see from the table below, even some of the absolute best crypto exchanges aren’t immune to attack.
Major crypto exchange hacks in recent years
| Exchange | Year | Amount Stolen | Method | User Funds Affected? |
|---|---|---|---|---|
| CoinDCX | 2025 | ~$44 million | Social engineering + hot wallet | No |
| Nobitex | 2025 | ~$81 million | Gonjeshke Darande group breach | No |
| WazirX | 2024 | ~$230 million | Suspected Lazarus Group breach | Yes |
| FTX | 2022 | $415–477 million | Internal access during collapse | Yes |
| Binance (Bridge) | 2022 | ~$570 million | BSC Token Hub exploit | No |
| KuCoin | 2020 | ~$280 million | Private key leak | Yes temporarily (but later recovered and reimbursed) |
FAQ
What happened to CoinDCX?
In July 2025, CoinDCX suffered a security breach that targeted one of its internal wallets. Hackers used social engineering to access the system and stole crypto from the exchange’s own funds — not user wallets.
How much was stolen from CoinDCX?
Roughly $44.2 million in crypto assets were stolen, mainly in SOL and ETH. The loss was fully absorbed by CoinDCX.
Can I trust CoinDCX?
While the hack raised concerns, CoinDCX responded quickly, kept user funds safe, and maintained platform operations. They also launched a recovery bounty and are overhauling internal security. Still, it’s smart to stay cautious and consider self-custody and hardware wallets.
The bottom line: the CoinDCX hack was serious, but it wasn’t a disaster
Yes, $44 million was stolen. Yes, the attack exposed a weak link in internal security. But user funds stayed safe. Withdrawals stayed open. And the exchange acted fast to contain the breach, launch a bounty, and rebuild trust.
In a space where major hacks often lead to shutdowns, lawsuits, or total collapse, CoinDCX showed that being prepared matters. Their decision to keep most assets in cold storage and maintain a strong treasury reserve made all the difference.
Still, this was a wake-up call.
Even big, well-funded exchanges can be caught off guard, especially by social engineering tactics that target people, not code. And for users, it’s another reminder to stay cautious and think twice about where and how they store their crypto.
Source: CoinDCX Hack Breakdown: How $44 Million Vanished Overnight