CoinDCX Suffers $44 Million Internal Breach, Offers $11 Million Bounty in Major Crypto Security Incident
In one of the most serious cryptocurrency security incidents to date, CoinDCX has disclosed a $44 million breach involving its internal operational accounts. The crypto exchange confirmed that the loss stemmed from internal systems and did not affect user wallets or customer funds.
Sumit Gupta, CEO of CoinDCX, addressed the incident publicly, assuring users that the company had absorbed the financial hit entirely from its treasury. “No user funds were compromised. We absorbed the loss through our own treasury,” he said in a statement.
Details about the nature of the breach remain unclear, with the company withholding specifics about the compromised systems or whether any external attackers were identified. In response to the attack, CoinDCX has announced a recovery bounty of up to $11 million aimed at attracting white-hat hackers and blockchain investigators who can help track the stolen funds and identify those responsible.
This marks the second-largest publicly known breach of a crypto exchange in India, trailing only WazirX’s 2022 hack that involved losses estimated at $230 million. Industry analysts suggest the CoinDCX case highlights growing concerns over internal security lapses at crypto platforms, particularly in treasury management.
Experts emphasize that internal breaches often involve compromised credentials or insufficient access controls—issues not necessarily tied to regulatory failings but rather operational weaknesses. The incident has renewed focus on the need for Indian crypto platforms to adopt real-time audits, multi-signature wallets, and tighter access protocols.
Although CoinDCX has not yet confirmed the involvement of blockchain forensics firms or law enforcement, the bounty move signals an attempt to crowdsource recovery efforts. Given that no customer assets were affected, the breach is unlikely to prompt direct regulatory consequences but may accelerate calls for standardized operational security frameworks.
India’s crypto sector continues to operate in a grey regulatory zone, subject to tax laws but without unified cybersecurity standards. With adoption on the rise, incidents like this could push industry bodies and exchanges to double down on backend controls and investor assurance.
