CoinDCX Exchange Rocked by $44M Crypto Heist – Inside the Breach

Another day, another crypto exchange learns the hard way that 'not your keys, not your coins' cuts both ways. CoinDCX joins the hall of shame with a $44 million digital asset heist—proving once again that even 'secure' platforms can't outsmart determined hackers.

How the breach happened

While details remain scarce, the attack follows the classic playbook: exploit a vulnerability, drain hot wallets, vanish into the crypto shadows. The $44 million haul suggests either sophisticated social engineering or an inside job—because apparently, 'trustless' systems still require trusting someone.

Damage control mode

Expect the usual PR spin: 'user funds are safe' (except the $44M that vanished), 'security is our priority' (just not enough to prevent this), and promises of 'working with authorities' (who'll trace the funds to a mixer by lunchtime). Meanwhile, traders face frozen withdrawals—because nothing says 'decentralized finance' like a centralized exchange hitting pause.

The cynical take

Another week, another reminder that crypto's killer app remains transferring wealth from overleveraged speculators to anonymous hackers. At least the thieves appreciate true hodl culture—they certainly won't be selling at a loss.

CoinDCX Server Breach: User Funds Secure

In an X post on July 19, CoinDCX CEO Sumit Gupta said that the crypto exchange suffered a server breach to one of its internal operational accounts. Gupta said that the affected wallet address is only used for liquidity supply on a partner exchange. Therefore, all assets in user wallets are safe and accounted for, with INR withdrawals fully functional.

Furthermore, the CoinDEX CEO states the hack has been contained by isolating the affected operational account. Meanwhile, the value of the total lost assets WOULD be offset by the exchange’s reserve as they commence efforts to track down the parties behind this hack.

Gupta explains that these efforts involve various legs, ranging from an ongoing internal security review to the planned launch of a bug bounty program.

The CoinDCX CEO said:

Our internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds. We are collaborating with the exchange partner to block and recover assets, including coming out with a bug bounty program soon.

Meanwhile, on-chain investigator ZachXBT has criticized CoinDCX for revealing the hack incident 17 hours after its occurrence, despite claiming to operate in transparency. Meanwhile, the renowned investigator also shared some updates on the hackers’ action in a telegram message:

The attacker address was funded with 1 ETH from Tornado Cash and later bridged a portion of the stolen funds from solana to Ethereum.

Sumit Gupta has described the security breach as a learning moment, as the crypto industry continues to take major steps in battling cybersecurity threats.

Crypto Service Losses Reach $2.17 Billion

Notably, the attack on CoinDCX marks the latest major hack in the crypto industry, underscoring the ongoing need for robust and evolving security measures. Meanwhile, data by Chainanalysis shows bad actors made away with a total stolen funds of $2.17 billion from crypto services in 2025 H1 alone.

This revelation is highly discouraging as the reported loot is already greater than the total value lost in 2024, which was nearly $2 billion. Chainanalysis warns that if the current rate of successful malicious events continues to occur, the cryptocurrency business may end up losing a projected $4.3 billion to hacks.