On July 19, 2025, CoinDCX—one of India’s largest crypto exchanges—suffered a $44 million (~₹368–379 crore) breach from an internal treasury wallet used for liquidity provisioning. In a bold move, CEO and co-founder Sumit Gupta confirmed that the entire amount will be absorbed by CoinDCX, using its corporate treasury, leaving no impact on customer assets.
🛡️ Customer Assets Remain Safe
Gupta emphasized that the exchange maintains a strong separation between operational and user wallets. None of the exchange's custodied customer funds were affected, thanks to cold wallet infrastructure and prompt isolation of the compromised operational wallet. Trading and INR withdrawals resumed quickly, and platform functionality remains intact.
🕵️ What Happened & Who Was Involved?
Investigations revealed that the breach stemmed from a social engineering attack targeting an internal employee. Rahul Agarwal, a Bengaluru-based engineer, was arrested after malware compromised his company laptop—allegedly installed during freelance work under mysterious circumstances. Hackers initiated the heist with a test transfer of one USDT at 2:37 AM and siphoned the full $44 million by 9:40 AM across six separate crypto wallets. Authorities suspect a connection to North Korea–linked threat actors such as the Lazarus Group.
🔎 Recovery & Security Measures
CoinDCX has launched a recovery bounty program, offering up to 25% of any recovered amount (approximately $11 million) to white-hat hackers or investigators who can trace the stolen funds. The company is also working with cybersecurity partners, CERT‑In, and law enforcement to strengthen internal protocols and trace the attackers.
🧭 Broader Context & Industry Implications
This breach marks the second major Indian crypto hack in a year, following WazirX’s $230 million breach in 2024. Unlike WazirX, which could not fully reimburse users, CoinDCX’s decision to absorb the entire loss aims to reinforce trust in its platform. Still, the incident underscores systemic vulnerabilities in the crypto sector—particularly around insider risk and endpoint security.
Sumit Gupta also publicly denied rumors of a sale or acquisition by Coinbase—asserting that CoinDCX remains focused on India and is not up for sale or consolidation deals.
✅ Key Takeaways
Topic | Summary |
---|---|
Loss Amount | $44 million (~₹368–379 crore), taken from internal liquidity wallet |
Impact on Users | Customer assets safe; no user fund loss |
Who Covers the Loss | CoinDCX will absorb the loss via its corporate treasury |
Cause of Breach | Social engineering via malware installed on an employee’s company laptop |
Employee Involvement | Bengaluru-based engineer arrested; probe ongoing |
Recovery Program | Up to 25% bounty (~$11M) for anyone who helps recover the funds |
Industry Significance | Highlights security risks, need for stronger employee safeguards |
🔒 What’s Next for CoinDCX?
- Ongoing internal reviews and partnerships with cybersecurity firms and CERT‑In to increase resilience.
- Hiring and training protocols will be strengthened to limit freelance access from work devices.
- Execution of bug bounty programs and wallet monitoring to mitigate insider threats.
CoinDCX aims to ensure this breach becomes a turning point in enhancing crypto exchange security across India.