New Delhi, July 20, 2025 — India’s largest crypto exchange, CoinDCX, has confirmed a major security breach in its backend infrastructure, resulting in the loss of nearly ₹368 crore (approximately $44 million). The incident involved a compromise of an internal operational wallet used for liquidity, while no customer funds were affected, according to the company’s official statement.
The Incident
The hack was first flagged by blockchain analyst ZachXBT, who noticed unusual transactions originating from CoinDCX’s wallets. Within hours, CoinDCX’s CEO Sumit Gupta acknowledged the breach, calling it a “sophisticated server-level compromise.”
“The impacted wallet was part of our internal infrastructure for Web3 services and did not interact with user funds. We have isolated the vulnerability and initiated an in-depth investigation,” Gupta stated on X (formerly Twitter).
User Assets Unaffected
Reassuring its customer base, CoinDCX clarified that all user assets are stored in cold wallets, separated from operational systems, and remain completely secure. Trading and withdrawals on the platform have continued without interruption.
The company has absorbed the financial loss from its corporate treasury, vowing not to pass on any impact to users.
Recovery Bounty Announced
To aid investigation and recovery, CoinDCX has launched India’s largest crypto bounty program, offering up to 25% of recovered funds (up to ~$11 million) to ethical hackers and cybersecurity researchers who assist in tracing the stolen assets or identifying the attacker.
“We are committed to transparency, justice, and accountability. Anyone with credible intel is encouraged to come forward,” CoinDCX stated.
Likely Threat Actor: Lazarus Group?
Cybersecurity analysts suggest the hack may be linked to the Lazarus Group, a North Korea–backed hacker syndicate known for targeting crypto infrastructure globally. The attack bears similarities to the ₹1,950 crore ($235 million) hack on WazirX in 2024.
📊 Broader Concerns for Indian Crypto
The breach highlights ongoing cybersecurity concerns in India’s crypto sector, where regulatory clarity and security standards are still evolving. Experts have called for:
- Mandatory proof-of-reserves audits
- Improved operational wallet security
- Real-time incident disclosure protocols
According to analytics firm Chainalysis, crypto-related hacks have exceeded $2.17 billion in the first half of 2025 alone, making this one of the worst years on record.
