23/07/2025
Indian crypto exchange CoinDCX has confirmed that about 44 million dollars was stolen in a security breach discovered on July 19. According to CEO Sumit Gupta, the attack targeted internal operational wallets linked to liquidity provisioning. Customer wallets were not affected and trading on the platform remained available.
Gupta said the company is absorbing the full loss from its own treasury reserves. CoinDCX is working with an exchange partner tied to the compromised account to freeze and recover funds where possible. The company also plans to launch a bug bounty program to strengthen defenses and invite white hat researchers to report vulnerabilities.
Security analysts, including ZachXBT, questioned why it took roughly 17 hours for the exchange to issue a complete public disclosure. That delay has reignited concerns about transparency and incident response timelines across centralized crypto platforms.
Some users experienced temporary access problems after the breach due to heavy server traffic. CoinDCX stated that these were load issues and unrelated to further compromise. The firm continues to defend its withdrawal review controls, saying they are designed to reduce illicit fund movement and protect users. It also points to ongoing proof of reserve reporting as part of its trust framework.
CoinDCX serves nearly 20 million users and reports more than 584 million dollars in total holdings. The breach has increased pressure on the company to deliver stronger security practices, faster communications, and clearer safeguards separating operational liquidity from customer custody.
Incidents like this underline a core lesson for crypto investors. Understand where and how your assets are stored, how fast a platform reports problems, and whether it holds the capital to make customers whole when things go wrong.
