CoinDCX, one of the largest cryptocurrency exchanges in India, disclosed a significant security breach. Hackers stole approximately $44.2 million when they obtained access to one of the company's internal accounts. This account was available to facilitate trading in an orderly manner by providing liquidity.
Well-known hacker ZachXBT first noticed this problem. He discovered the breach 17 hours after it occurred. CoinDCX quickly quarantined the impacted account and prevented further loss.
The exchange confirmed that the wallets containing users' funds were not impacted. Existing users can still withdraw funds and deposit funds to trade. As a precaution, the platform temporarily had disabled its Web3 mode, meaning users can access over 50,000 decentralized finance (DeFi) tokens. The feature was later restored.
The company will cover the entire loss using its own funds, CoinDCX CEO Sumit Gupta said. "No customer funds were lost. Our treasury is capable enough to bear this," Gupta wrote in a social media post. And their in-house team, working with outside cybersecurity experts, is trying to figure out how the hack occurred and where the stolen funds have ended up, he added.
This is one of the biggest crypto hacks of 2025. Hackers have taken more than $2 billion in cryptocurrencies so far this year, according to a report from Chainalysis. The increasingly large sample is generating some serious concerns about the security of the cryptocurrency exchanges.
To further enhance security on the platform, CoinDCX intends to roll out a bug bounty program. The program will pay by-the-book hackers who report weaknesses before they're used to loot the system. The platform is also working together with partner platforms to monitor and recover the stolen funds.
However, despite the setback, CoinDCX has announced that user funds are safe and operations are normal. The company says it's still committed to transparency and bolstering its systems against future threats.
