Crypto exchange CoinDCX faced a cyberattack on July 19, which targeted one of its internal accounts used for liquidity provisioning. The company is presently investigating the incident, which reportedly caused a loss of about $44 million, which is approximately Rs 380 crore.
While the CoinDCX breach is significant, it is possibly the second-largest cyber attack in the crypto space. In July 2024, WazirX was hacked, and $230 million was lost in the breach.
What Happened in the CoinDCX Cyberattack
In a post on X, CoinDCX Founder Sumit Gupta confirmed that one of the exchange’s internal operation accounts used solely for liquidity provisioning on partner exchanges was compromised due to a “sophisticated server breach”. He stated that “CoinDCX wallets used to store customer assets were not impacted by the breach and are completely safe. He also confirmed that no customer funds were lost and that trading and withdrawals in Indian rupees remain fully operational. The platform assured users they can withdraw INR anytime without restrictions and reiterated its commitment to honour all withdrawal requests.
The incident was controlled by isolating the compromised operational account. As these accounts are separate from customer wallets, the damage was confined to this particular account, and the breach is being covered entirely by CoinDCX’s treasury funds.
In a post, Neeraj Khandelwal, Co-founder of CoinDCX, stated, “The total amount lost was $44 million out of our treasury assets. CoinDCX Treasury will be bearing these losses. Our primary objective throughout the day has been to secure the assets first.
Cyberattack Recovery and Security Measures
Gupta also stated that the team is working with the partner exchange to block and recover the assets involved in the breach. He said CoinDCX plans to roll out a bug bounty program soon, noting that every security lapse provides an opportunity to learn and improve. He added that this is a crucial moment to combat cyberthreats in the industry, and they are dedicated to collaborating with experts to enhance the overall security framework.
CoinDCX recently experienced temporary difficulties in its portfolio APIs due to excessive platform traffic, which impacted some users' ability to load portfolios. However, the company later confirmed that the issues have been fully resolved.
The CoinDCX incident follows last year’s massive breach at WazirX, one of India’s prominent cryptocurrency exchanges. WazirX faced a major cyberattack in July 2024, during which one of its wallets was compromised, leading to the loss of nearly 45 per cent of its crypto assets valued at approximately $234 million. The exchange immediately halted deposits and withdrawals, later introducing a partial compensation plan that drew criticism from several users. This incident highlighted worries about security standards across the industry and increased scrutiny of how exchanges protect customer assets.
