India’s top cryptocurrency exchange CoinDCX was prey to a major cyberattack on July 20, 2025, leading to the theft of $44 million (Rs 380 crore) from its internal treasury. The company’s co-founder and CEO, Sumit Gupta, confirmed the breach in an official statement, calling it a “sophisticated server attack” targeting a partner exchange account used for liquidity management.
What Happened?
Gupta said the hack occurred due to a security breach that compromised a specific operational account. “As soon as the attack was detected, our team immediately isolated the affected account to contain the damage,” he said. The compromised account was used only for internal treasury operations, and no customer wallets or trading balances were affected.
CoinDCX CEO Sumit Gupta announced a Recovery Bounty Program offering up to 25% of reclaimed funds to those who help trace the stolen crypto. He also affirmed that user assets remain unaffected.
User funds safe, operations largely unaffected
CoinDCX has assured users that all INR withdrawals and trading services are working as normal. However, the Web3 trading segment has been temporarily suspended to allow a thorough investigation and implementation of enhanced security measures.
“Our first focus was to keep user assets completely safe”
Co-founder Neeraj Khandelwal reassured users, stating: “The stolen amount was from the company’s treasury and the company itself will bear the loss. Our first focus was to keep user assets completely safe, and we succeeded in this goal.”
The company is now working with partner exchanges to track and recover the stolen funds and plans to launch a Bug Bounty program to strengthen its systems by identifying vulnerabilities.
Second major crypto hack in India
This is India’s second-largest crypto exchange hack within a year. In July 2024, WazirX lost $234 million in a similar breach, which led to a complete halt of trading and withdrawal services.
However, CoinDCX has received praise from the crypto community for its swift response and transparent communication. Sumit Gupta said, “Every security incident is a lesson. We are looking at this attack as an opportunity to strengthen our security systems. This is the time to stand united against cyber threats.”
Key Takeaways
-
Rs 380 crore stolen from CoinDCX’s internal treasury on July 20.
-
User funds and services remain safe and unaffected.
-
Company to absorb full losses and launch security bounty.
-
Web3 operations paused; INR trading and withdrawals continue.
-
Crypto community lauds CoinDCX for transparency.
CoinDCX hack, Rs 380 crore stolen, Sumit Gupta, crypto cyberattack India, WazirX hack, Web3, Bug Bounty, crypto security breach
