Hack Results in $44 Million Loss for CoinDCX, Users' Assets Remain Safeguarded
In a significant blow to the cryptocurrency industry, CoinDCX, a leading Indian exchange, suffered a hack on July 19, 2025, resulting in the theft of approximately $44.2 million. However, the exchange has since launched a series of recovery efforts to trace and retrieve the stolen assets.
Following the breach, CoinDCX launched a recovery bounty program, offering up to 25% of any recovered funds to individuals who assist in tracing and retrieving the stolen assets and catching the perpetrators. This approach is more aggressive than typical bounties in the crypto industry, which usually cap at around 10%.
The exchange has partnered with security experts from Sygnia, zeroShadow, and Seal911 to aid in the recovery process. They have successfully tracked some of the stolen funds, which were routed through multiple hops before landing in Solana and Ethereum wallets.
The breach affected an internal operational wallet used for liquidity provisioning, not customer assets or cold wallets. CoinDCX has absorbed the loss through its reserves and emphasized that it remains financially strong and fully operational. The company isolated the compromised systems and temporarily suspended Web3 services to contain the breach but kept centralized trading and INR deposits/withdrawals operational.
Some features, including Web3 services and select spot orders, have been temporarily paused to ensure the safety of user funds. CoinDCX has assured its users that they will remain updated as the investigation develops and recovery efforts continue.
The attacker used Tornado Cash and moved assets between Ethereum and Solana to hide their origin. The exchange has shared attacker wallet addresses to assist in recovery. CoinDCX is also collaborating with partner exchanges to freeze any stolen assets that enter other platforms.
The frequency of such attacks remains a challenge for the cryptocurrency industry. The breach was due to a targeted server vulnerability. In the past year, multiple crypto platforms have faced breaches, including Nobitex (Iranian exchange) and DeFi projects like Arcadia Finance and GMX.
CoinDCX's recovery efforts focus on tracing and retrieving the stolen assets while prioritizing the identification and apprehension of the perpetrators to prevent future incidents. The protection of customer assets remains CoinDCX's top priority, with customer assets stored in cold wallets that are offline and isolated from internal operational accounts.
The CoinDCX hack came almost exactly one year after another Indian exchange, WazirX, lost $235 million in a similar breach. The industry continues to grapple with these security challenges, but exchanges like CoinDCX are demonstrating their commitment to recovery and the protection of user funds.
Cybersecurity experts at CoinDCX have shared the attacker's wallet addresses, linking the stolen assets to Solana and Ethereum wallets. As part of their recovery efforts, they are also collaborating with partner exchanges to freeze any stolen assets that enter other platforms.
In a bid to trace and retrieve the stolen assets, CoinDCX launched a recovery bounty program, offering up to 25% of any recovered funds to individuals working in the NSE (National Stock Exchange) or technology sector who can assist in this endeavor.
