In July 2025, CoinDCX suffered a targeted cyberattack that led to a loss of $44 million. The attackers breached a backend server tied to the company’s internal liquidity provisioning system—an infrastructure used to manage token swaps, ensure trading liquidity, and facilitate order book stability.

This wasn’t a wallet or front-end login breach. Instead, the hackers exploited the server-level backend that interacts with multiple systems. It was a sophisticated infrastructure attack, aimed at operational funds rather than user assets.

CoinDCX: “User assets are safe. Only our internal accounts were compromised.”

All user funds remained untouched. CoinDCX stores customer assets in segregated cold wallets, which were not connected to the compromised infrastructure. These wallets are offline and insulated from transactional systems, which prevented the hack from reaching user balances.

Trading and INR withdrawals continued as normal. However, Web3 trading—which relies on more dynamic, connected systems—was temporarily paused to contain the breach and prevent further risk.

Where Did the Breach Occur?

The breach occurred in CoinDCX’s internal liquidity system, not in its user-facing platform or custodial services. These internal accounts handle automated token management between liquidity pools and help maintain market stability on the platform.

This part of the infrastructure is critical but often overlooked. It’s not typically accessible to users or visible in UI flows, which is why the attack was harder to detect immediately.

How Much Was Stolen?

The company reported a loss of around $44 million, or approximately ₹380 crore, from these internal systems. These funds were part of CoinDCX’s operational treasury and did not include user deposits or earnings.

Is CoinDCX Paying for the Loss?

Yes. CoinDCX stated it would absorb the full financial impact internally. There will be no impact on users, no withdrawal restrictions, and no cost passed on to customers. The company’s financial reserves and operational contingency planning allowed for this immediate response.

What’s CoinDCX Doing Now?

Following the breach, CoinDCX took these steps to contain and remediate:

• Isolated the compromised system and shut down affected servers
  
• Temporarily paused Web3 trading
  
• Launched a security audit with internal teams and third-party cybersecurity experts
  
• Involved blockchain forensics firms to trace the movement of stolen assets
  
• Started coordination with partner exchanges to freeze known hacker wallets
  
• Announced a bug bounty program to proactively find and patch vulnerabilities before they can be exploited
  

These steps are part of a longer-term strategy to harden backend systems, reduce attack surface, and improve response speed across the platform.

Why This Matters

This incident reveals a critical shift in how crypto platforms are being attacked.

Hackers are no longer just phishing users or breaking into customer wallets. They’re now targeting backend liquidity systems, treasury accounts, and operational servers—areas many platforms don’t monitor as aggressively.

This breach follows a broader trend. In July 2024, WazirX lost over $230 million in a wallet compromise attributed to the Lazarus Group, a well-known North Korean cybercriminal syndicate. Learn more here:

• WazirX Hack: Legal Battle Reaches Supreme Court
• WazirX Recovery Plan 2025
• CoinDCX CEO Criticizes WazirX Response

These two incidents show that cybercriminals are adapting faster than defenses. And backend security—not just front-end wallet protection—is now a central concern for crypto platforms worldwide.

What Should You Do?

If you’re a CoinDCX user, you don’t need to take any immediate action. Your wallet and personal account data weren’t exposed or affected. But this is a good time to review your security hygiene:

• Use cold storage for long-term holdings
  
• Enable two-factor authentication (2FA)
  
• Monitor your exchange for future updates
  
• Stay cautious of phishing emails or suspicious activity
  

Frequently Asked Questions (FAQs)

Was my CoinDCX wallet hacked?
No. Your funds are safe. The attack only affected internal accounts used by the company.

Can I still trade or withdraw funds?
Yes. All core services are fully operational. Web3 trading was briefly paused and is now back online.

How much money did the hackers steal?
Hackers stole approximately $44 million from CoinDCX’s internal treasury—not from customer wallets.

Do I have to pay anything or take action?
No. CoinDCX is absorbing the loss and confirmed that customers are not impacted financially.

What is CoinDCX doing to improve its security?
The company is conducting a full audit, working with blockchain investigators, and launching a bug bounty program to uncover weaknesses.

Has this happened to other Indian exchanges?
Yes. In 2024, WazirX suffered a $230 million hack linked to the Lazarus Group. That attack targeted user wallets.