Crypto exchange CoinDCX revealed on Saturday that it had faced a “sophisticated server breach” that compromised its internal operational accounts. CEO Sumit Gupta said the incident was contained by isolating the affected account and efforts remain underway to patch vulnerabilities. He also confirmed that investor accounts and funds had not been affected by the breach — with trading activity and withdrawals continuing as usual.
“Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe,” Gupta wrote on X.
“I understand incidents like this can be unsettling – even when customer assets are unaffected. That’s why I am sharing this incident with you with full transparency. Thank you for your continued trust. I will keep you informed on a real time basis as we learn more,” he added.
‘Over $44 million drained’
According to reports, the hackers stole more than $44 million during the attack. A Telegram update by onchain investigator ZachXBT had first flagged the issue, indicating that the breach took place on Friday.
“Looks like the India centralised exchange ‘CoinDCX’ was likely drained for approximately $44.2 million almost 17 hours ago and has yet to disclose the incident to the community. The attacker address was funded by 1 ETH from Tornado cash and later bridged a portion of the stolen funds from Solana to Ethereum,” he posted.
‘Exposure limited to only one account’
Gupta also reiterated that customer funds were unaffected and that all investor assets remained safe and protected. He explained that the incident was contained quickly by isolating the affected operational account, and that internal security and operations teams have been working through the day along with leading cybersecurity partners to investigate the matter, patch any vulnerabilities and trace the movement of funds.
“Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us – from our own treasury reserves,” he added.