Above all, the company stressed that customer assets were not affected.
“Today, one of our internal operational accounts – used only for liquidity supply on an exchange of partners – has been compromised due to a sophisticated server violation,” said Sumit Gupta, co -founder and CEO, in an article on X. “I confirm that the CoindCx portfolios used to store customer assets are not affected and are completely secure.”
The breach was quickly contained. According to GUPTA, the compromise account has been isolated from the rest of the system, limiting damage. “Since our operational accounts are separated from the client’s portfolios, exposure is only limited to this specific account and is entirely absorbed by us-from our own cash reserves,” he added.
Coindcx takes full responsibility
Coindcx said that he would support the loss of his own funds, assuring users that they will not be affected financially.
“This will not cause any loss to our customers,” said Gupta. “Coindcx will wear the total amount.”
The co-founder Neeraj Khandelwal confirmed the same thing and noted that the protection of user assets was the absolute priority of the company from the start. “The Treasury Coindcx will wear these losses. Our first objective above all during the day was to secure assets,” said Khandelwal.
The services remain operational
Despite the magnitude of the violation, Coindcx argued that all platform services remain stable. INR exchanges and withdrawals continued without disruption.
GUPTA reassured users: “No customer fund has been affected. Your assets are completely safe and protected in our secure cold portfolio infrastructure. ”
However, some users have declared problems to access their portfolios after the violation. Khandelwal explained that this was due to a peak in the server traffic after the announcement. “We have considerably improved the capacity of the server to serve users,” he confirmed later.
How the hack went
Although Coindcx has not published the precise figures initially, the blockchain Sleuth Zachxbt and the cybersecurity company Cyvers pointed out an unusual activity before the public disclosure of the exchange. Zachxbt estimated the amount stolen at around $ 44.2 million. The stable stablecoins, USDC and USDT, were first moved from Solana to Ethereum. They were transported via Tornado Cash, a service often used to obscure blockchain transactions.
The striker would have financed his portfolio with 1 ETH via Tornado Cash before launching the flight, a detail that complicated the efforts to trace the full path of the stolen funds.
Zachxbt brought alarms almost 5 p.m. before Coindcx was made public with the incident. The delay in disclosure has drawn mixed reactions from the cryptographic community.
Strengthening security posture
In the wake of the violation, Coindcx works in close collaboration with external cybersecurity experts and the exchange of affected partners. GUPTA confirmed that an internal survey was underway to trace the flow of funds and repair system vulnerabilities.
“Our internal security and operating teams worked throughout the day with the main cybersecurity partners to investigate the issue, correct vulnerabilities and retrace the fund movement,” said Gupta.
He added that the company will soon launch a BOGUE bonus program to discover and respond to hidden threats. “Each security incident is learning and we will learn that and further strengthen our platform. More importantly, it is our time to win this war against industry cyber states and we are committed to working with experts to secure our industry. ”
Broader context of industry
Coindcx’s violation occurs almost exactly a year after another Indian exchange, Wazirx, suffered a major cyber attack. This incident in July 2024 led to a loss of around $ 230 to $ 235 million in customer assets. Wazirx responded by interrupting all withdrawals and deposits, and then offered a partial remuneration strategy that aroused criticism.
On the other hand, Coindcx has committed to absorb the full damage internally, sparing its users of any loss.
Founded in 2018, Coindcx is currently claiming more than 16 million users. He recorded a volume of commerce to the point of $ 492 million in May 2025, Bitcoin and Ethereum leading transactions.
Until now, regulatory organizations have not published any declaration on violation. But with the extent of the losses and increasing concerns about the safety of cryptography, many in the industry believe that this incident could encourage stricter surveillance.
“I understand that incidents like this can be disturbing – even when customer assets are not affected,” said Gupta. “This is why I share this incident with you with full transparency.”
He closed his remarks by thanking the users for their confidence and declared that the company would continue to share updates in real time as the situation evolves.
