Indian crypto exchange CoinDCX says $44 million stolen from reserves

More than $44 million worth of cryptocurrency was stolen from the Indian exchange CoinDCX over the weekend.

Company cofounders Neeraj Khandelwal and Sumit Gupta announced issues on social media Saturday afternoon before confirming that funds had been stolen from one of the company’s internal operational accounts.

CoinDCX customers were not impacted and user funds were not stolen or accessed, the cofounders said. India’s emergency response team was notified of the theft.

“The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us – from our own treasury reserves,” Gupta said. 

Founded in 2018, the company is one of India’s largest cryptocurrency firms and says it has about 16 million users.  

CoinDCX said it is working with a security team to investigate the incident, patch vulnerabilities and trace the stolen funds so they can be blocked and recovered. The company pledged to create a bug bounty program in response to the incident. 

Khandelwal and several blockchain security firms confirmed the losses amounted to about $44.2 million worth of USDC and USDT — two stablecoins pegged to the U.S. dollar — which were siphoned from the platform on Friday evening. 

In a post-mortem report published Sunday, CoinDCX said it will be covering the losses through its reserves. The funds have been traced back to two wallets holding $27.6 million and $16.2 million. Both were empty as of Monday afternoon, but experts traced the funds to another wallet.

Gupta warned customers on multiple platforms to be wary of imposters posing as CoinDCX officials and urged them not to provide login information to anyone.

The company is offering up to 25% of any recovered funds to anyone who can trace and retrieve the stolen crypto. It also asked for assistance identifying the hackers so it can bring charges.

The attack on CoinDCX comes just months after another Indian crypto giant, WazirX, suffered a massive breach that involved at least $230 million worth of stolen cryptocurrency. Indian police arrested a person allegedly behind the incident in November. 

Last week, blockchain security company Chainalysis said $2.17 billion worth of cryptocurrency has already been stolen this year, surpassing the total losses seen in all of 2024.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
