New Delhi: Indian cryptocurrency exchange CoinDCX has confirmed a security breach involving the loss of approximately $44 million (around Rs. 368 crore) from one of its internal accounts.
The hack, which occurred early Saturday, targeted an account used for liquidity operations on a partner platform.
The company emphasized that no customer funds were affected.
In an official statement, CoinDCX clarified that the compromised account did not store any user assets.
Co-founder Sumit Gupta explained that the breach stemmed from a “sophisticated server attack,” and assured that the company’s treasury reserves are strong enough to fully cover the loss.
As a precautionary measure, CoinDCX briefly paused activity on its Web3 trading platform but has since restored operations.
Regular trading and INR withdrawals on its main exchange remained uninterrupted throughout the incident.
Urging users not to react hastily, Gupta advised investors against panic selling, cautioning that such actions often lead to poor returns. “Stay calm, stay confident,” he posted on X (formerly Twitter).
The company’s internal cybersecurity team is now working closely with international partners to investigate the breach, trace the stolen funds, and fix potential vulnerabilities.
In a move to further enhance its security, CoinDCX is preparing to introduce a bug bounty program to reward ethical hackers who help identify system weaknesses.
While the breach has raised concerns within the crypto community, CoinDCX has pledged full transparency and plans to share verified findings once the probe concludes.
ALSO READ: Moscow ready for peace with Ukraine but on its own terms, says Kremlin
Gupta acknowledged the broader implications of the attack, calling it a wake-up call for the global crypto sector.
The incident comes amid growing scrutiny of crypto platforms in India, with the government expected to soon release its first official policy paper on digital assets.
Notably, this is not the first major crypto breach in the country—last year, WazirX reported a loss exceeding $230 million due to compromised private keys.
