CoinDCX is one of India’s leading cryptocurrency exchanges, known for offering a seamless trading experience across 500+ crypto assets. With millions of users and deep liquidity, it has become a critical player in India’s digital asset landscape.
Founded in 2018, CoinDCX has been backed by marquee investors like Coinbase Ventures, Bain Capital, and Pantera Capital. It has consistently promoted regulatory-first, secure, and user-centric practices in the Web3 space.
What exactly happened in the CoinDCX hack?
On July 19, 2025, CoinDCX suffered a cyber breach, with attackers compromising an internal operational (liquidity) wallet, leading to a theft of over $44 million.
Key details:
The attackers started by depositing 1 ETH via Tornado Cash, a crypto mixer.
Funds were routed across Ethereum and Solana bridges, a common laundering tactic.
The stolen funds (~11,460 ETH) were ultimately consolidated into a single wallet.
User funds remained untouched, secured in cold wallets. CoinDCX’s quick containment and transparent disclosure have been widely appreciated by the community.
Who’s behind the attack?
Although attribution is ongoing, cybersecurity firm Cyvers noted that the techniques mirror those used by the Lazarus Group, a notorious North Korean state-backed hacking unit linked to crypto thefts exceeding $3 billion globally.
Common indicators:
Use of decentralized mixers
Multi-chain obfuscation
Similar patterns seen in WazirX hack (2024) and Axie Infinity’s Ronin Bridge hack
Why was CoinDCX targeted?
There are three key reasons why attackers may have set their sights on CoinDCX:
High Liquidity = High Value
Operational wallets carry substantial crypto assets for liquidity management, often the weakest link in security prioritization.
Web3 Infrastructure Vulnerabilities
Interoperability between chains and smart contracts introduces complex risks.
India’s Growing Crypto Ecosystem
With increased adoption, Indian exchanges are now on global cybercriminal radars.
What’s the impact on users and the broader ecosystem?
While no customer assets were compromised, the reputational risk is real.
Potential implications:
Erosion of user trust in centralized exchanges
Decline in daily trading volume
Renewed calls for self-custody and hardware wallets
Regulatory pressure on risk disclosures and security hygiene
Rising demand for transparency in risk reporting
What is CoinDCX doing now?
Launched India’s largest recovery bounty up to 25% of recovered funds (~$11M).
Engaging CERT-In, global exchanges, and blockchain forensics to trace the wallet trails.
Absorbing the loss internally from the company treasury.
Strengthening internal security audits and operational wallet controls.
Final Thoughts:
CoinDCX’s transparency and swift response are commendable. But the breach highlights a glaring issue risk isn’t just technical; it’s financial, reputational, and existential.
Enterprises especially crypto platforms must shift from “reactive patching” to proactive quantification.
At Zeron, we help organizations turn cyber risk into decision-grade intelligence. Our CRQ platform delivers insights like CVaR, ROSI (Return on Security Investment), and real-time prioritisation so you’re never caught off guard.
Frequently Asked Questions:
1. Was CoinDCX hacked in 2025?
Yes. In July 2025, CoinDCX suffered a $44 million hack via an internal liquidity wallet, though no user funds were affected.
2. Is my crypto safe on CoinDCX?
According to CoinDCX, all user assets remain safe, secured in segregated cold wallets. The breach was isolated to internal operations.
3. Who stole the crypto from CoinDCX?
Attribution is ongoing, but patterns suggest similarities to the Lazarus Group, known for high-profile DeFi and exchange attacks.
4. How can crypto exchanges prevent such attacks?
By implementing Cyber Risk Quantification, continuous threat modeling, third-party risk assessments, and better access control policies.
