On 18 July 2025, Indian crypto exchange CoinDCX was hacked, losing ₹378 crore ($44 million) from its internal accounts in a server breach. The company confirmed the incident the following day but assured users that no customer funds were compromised, with all personal wallets remaining secure.
However, in the aftermath of the breach, fraudsters have begun impersonating CoinDCX representatives, luring victims with fake investment schemes on social media.
This guide explains the true nature of the hack, exposes ongoing scams misusing the exchange’s name, provides essential safety tips, and outlines CoinDCX’s recovery efforts to strengthen security.
Users are urged to stay cautious against phishing attempts while the exchange works to restore full operational safety.
The Real CoinDCX Security Breach – What Really Happened
CoinDCX suffered a major security breach that resulted in the theft of approximately $44 million (₹378 crore) from one of its internal operational accounts.
This was not a scam by CoinDCX but a cyberattack that targeted the exchange’s server infrastructure.
CEO Sumit Gupta immediately addressed the community on X, where he stated that the CoinDCX wallets used to store customer assets are not impacted and are completely safe.
Hi everyone,
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
Co-founder Neeraj Khandelwal also confirmed on X that all the customer assets are safe and the trading activity plus the INR withdrawals continue unhindered. The attack occurred early morning, approximately 17 hours before the official public disclosure.
The hackers exploited a server-side to gain unauthorized access to an internal account used specifically for liquidity provisioning on a partner exchange.
As per Economic Times, the stolen funds were moved through blockchain bridges. They split the stolen crypto into smaller amounts and transferred it through different networks to make it harder to trace.
Finally, they put all the money into two main accounts:
- 4,443 ETH coins (worth about ₹131 crore)
- 155,830 SOL coins (worth about ₹231 crore)
Cybercriminals also used a service called Tornado Cash, which helps conceal the origin of cryptocurrency.
This made it very difficult for CoinDCX and investigators to track where the stolen money went. However, further Sumit Gupta said that due to their operational accounts, customers were not financially affected.
How Scammers Misuse CoinDCX Name?
While CoinDCX dealt with the legitimate security breach, fraudsters began exploiting the situation by imitating the exchange to run separate scams.
These scammers contact potential victims through social media platforms like Telegram and WhatsApp, claiming to represent CoinDCX.
The fraudsters use a multi-step approach to build trust before stealing money from unsuspecting victims:
- Contact through social media: Scammers reach out via unofficial channels using CoinDCX logos and branding.
- Fake review requests: They ask users to submit Google reviews for hotels or services that don’t exist.
- Fraudulent investment links: After gaining trust, they share fake CoinDCX website URLs for “investment opportunities.”
- Incremental payment demands: Starting with small amounts, they gradually increase demands using different UPI IDs.
- Withdrawal refusal: When victims try to withdraw money, scammers make excuses and refuse to return funds.
- Fake documentation: They create fake notices and agreements using CoinDCX letterhead to appear legitimate.
These scams are completely separate from the real CoinDCX exchange and have nothing to do with the legitimate security breach. This is a warning for anyone interested in investing in cryptocurrency to know the types of scams that you should be aware of.
Is CoinDCX Legitimate?
CoinDCX is a legitimate cryptocurrency exchange and one of country’s largest crypto trading platforms, where cryptocurrency is legal.
It operates as a registered entity under Indian regulations and maintains transparent business practices. With more than 16 million registered users, it has built a good user base across India.
Even due to the recent security breach the company kep it transparent with the customers. On the other hand, CoinDCX immediately disclosed the hack, took full financial responsibility, and implemented additional security measures.
What CoinDCX Users Should Know Regarding Scam?
CoinDCX users should understand several key points about the recent security incident and ongoing scams.
First, the July 2025 hack did not affect any customer funds or personal accounts. All user cryptocurrencies remained safe in the exchange’s cold storage wallets, and trading operations continued normally throughout the incident.
Secondly, the exchange has implemented additional security protocols following the breach, which includes enhanced monitoring systems and partnerships with global cybersecurity firms.
Third, which is most important, users can continue trading, depositing, and withdrawing funds as usual, with withdrawal processing times remaining under 5 hours for smaller amounts and within 72 hours for larger transactions.
Know that CoinDCX will never contact users through social media platforms like WhatsApp or Telegram to request investments or personal information. All legitimate communications come through official channels, either through website or app.
CoinDCX Hack Incident – Legal Actions and Recovery Efforts
CoinDCX took several steps to get back stolen money and stop fake people using their name:
- Big reward program launched: CoinDCX launches India’s largest crypto recovery bounty offering 25% of recovered funds as reward.
- Maximum reward amount: Up to $11 million payout for anyone who helps find the stolen money.
- Court protection received: Delhi High Court gave legal order to stop people from using fake CoinDCX names and logos.
- Police team informed: India’s Computer Emergency Response Team (CERT-In) was told about the hack for official investigation.
- Expert help hired: Working with international cybersecurity companies to track where the stolen money went.
- Bug bounty program coming: New program will reward ethical hackers who find security problems before bad people do.
- Legal action ready: Court order allows CoinDCX to take legal steps against anyone misusing their brand name.
Safety Measures For CoinDCX Cryptocurrency Users
CoinDCX users can protect themselves by following specific safety rules and recognizing legitimate communications from fraudsters.
Here are the essential safety practices users should be aware of to avoid cryptocurrency scams;
- Download the official CoinDCX app from Google Play Store or Apple App Store.
- Access CoinDCX only through the official website and never through third-party links.
- Follow only verified CoinDCX accounts with blue checkmarks on social platforms.
- Immediately report fake representatives to spam.reporting@coindcx.com and block them.
- CoinDCX representatives will never ask for passwords, OTPs, or private keys through any channel.
Additionally, with the proper safety measures, users can sell cryptocurrency in India without any risks.
Conclusion: CoinDCX Lost ₹378 Crore In a Major Security Breach
CoinDCX is a legitimate cryptocurrency exchange, and yet it suffered a cyberattack on 18 July 2025, resulting in a ₹378 crore ($44 million) loss from its internal accounts.
The company promptly disclosed the incident on 19 July 2025, maintaining full transparency. Importantly, no customer funds were affected—all user assets remained secure as the breach was limited to corporate accounts.
Since the incident, fraudsters have exploited the situation, impersonating CoinDCX representatives to trick users with fake recovery offers or investment scams.
The exchange has initiated recovery efforts and strengthened its security systems while urging users to verify all communication and report suspicious activity.
FAQs
Customer funds remained completely secure during the hack, and CoinDCX has enhanced security measures making it safe to use.
No customer funds were affected in the hack; only CoinDCX’s internal operational account was compromised, not user wallets.
Real CoinDCX representatives never contact users through social media and only communicate through official app or website channels.
CoinDCX was hacked by cybercriminals; separately, fraudsters impersonate CoinDCX to run scams targeting innocent users through social media.
CoinDCX lost approximately $44 million or ₹378 crore from its treasury funds, which did not impact any customer accounts.
