India’s leading cryptocurrency exchange, CoinDCX, has announced it will fully cover a $44 million loss stemming from a sophisticated security breach that occurred on July 19, 2025. The incident targeted an internal operational account used for liquidity management, but company officials emphasized that no customer funds were compromised.
The breach, which drained approximately $44.2 million (equivalent to about ₹378 crore) in cryptocurrencies, primarily stablecoins like USDT and USDC, was attributed to a social engineering attack. Hackers reportedly used a fake job offer to target an employee, compromising login credentials and accessing the system. This method highlights the growing risks of phishing tactics in the crypto sector, where human error can lead to significant vulnerabilities.
CoinDCX co-founder and CEO Sumit Gupta addressed the incident in a video statement posted on X (formerly Twitter), assuring users that the platform’s cold wallet infrastructure—disconnected from the internet—remained secure. “No customer funds have been impacted,” Gupta stated. “Your assets remain completely safe and protected.” The company swiftly isolated the affected account, halting any further unauthorized access, and continued normal operations, including trading and withdrawals.
In a move to maintain trust, CoinDCX confirmed it would absorb the entire loss from its treasury reserves, without dipping into its Crypto Investor Protection Fund (CIPF), which holds around ₹60 crore as of June 2025. Gupta noted that the amount represents roughly three to four months of the exchange’s revenue, based on its FY25 annualized group-level earnings of ₹1,179 crore. Co-founder Neeraj Khandelwal added that the treasury would bear the costs, with efforts underway to recover the assets.
To aid recovery, CoinDCX launched a bounty program offering up to 25% of the stolen funds—potentially $11 million—to anyone providing information leading to the retrieval of the assets. The company is collaborating with law enforcement, cybersecurity experts, and partner exchanges to trace the funds, some of which were reportedly funneled through mixing services like Tornado Cash.
A significant development came on July 31, 2025, when authorities arrested Rahul Agarwal, a CoinDCX employee, in connection with the theft. Investigations revealed that his credentials were exploited, though details on his involvement remain under review. This arrest underscores the internal risks exchanges face and the importance of robust employee training against phishing scams.
The incident drew scrutiny, particularly after on-chain analyst ZachXBT highlighted suspicious transactions, prompting CoinDCX’s public disclosure after a 17-hour delay. Critics questioned the transparency of treasury reserves and audits, with some community members calling for proof-of-reserves to verify coverage of user liabilities. Gupta responded by denying rumors of acquisition talks with Coinbase and affirming the company’s $2.5 billion valuation, up from $2.2 billion in 2022.
This breach follows a pattern of high-profile hacks in India’s crypto landscape. Just a year earlier, rival exchange WazirX suffered a $230 million loss in July 2024, amplifying concerns over sector-wide security. Globally, 2025 has seen a surge in crypto thefts, positioning it as potentially the worst year on record. In response, CoinDCX has ramped up cybersecurity spending to $2-3 million annually, including enhanced insurance and public reserve reports totaling over $507 million in USDT equivalents.
As of August 12, 2025, operations at CoinDCX remain uninterrupted, with the investigation ongoing. The exchange, founded in 2018 and boasting over 10,000 crore in total assets, continues to position itself as a secure platform amid India’s evolving regulatory environment. Industry experts stress that such events serve as reminders for users to prioritize self-custody and for exchanges to adopt proactive security measures.
Join our Telegram Channel