Time of report: Jul 20, 2025 2:30pm, this blog will be updated regularly with real-time developments
A Note to Our Customers: Your Funds Are 100% Safe
CoinDCXs reserves are strong and 1:1 backed. Customers’ assets are fully secured. You can review our Proof of Reserves (PoR) on our PoR webpage.
Our Assurance to our Customers:
- Your funds are 100% safe; All customer assets are secure in segregated cold wallets
- The breach affected one internal operational account, not customer wallets
- CoinDCX is covering the exposure entirely from its own reserves
- Trading and INR Withdrawals are fully operational
- Working closely with global security experts and authorities to recover funds
- Recovery Bounty Program to be launched soon
- Beware of impersonators – Scammers may pretend to be CoinDCX officials. Do not share personal information with anyone. Always verify announcements through our official channels and this blog only.
Overview
On 19th July, one of our internal operational accounts, used solely for liquidity provisioning on a partner exchange, was compromised due to a sophisticated server breach.
The incident was swiftly contained by isolating the affected account.
- No customer assets were affected
- All user funds remain safe in secure, segregated cold wallets.
The total exposure is being absorbed entirely by CoinDCX using our treasury reserves.
Proceeds (~$44M USDT) were routed through multiple hops and finally landed on 2 wallets as listed below.
https://intel.arkm.com/explorer/address/6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n
https://intel.arkm.com/explorer/address/0xEF0c5b9E0E9643937D75C229648158584A8CD8D2
(Note: Create account to check on-chain data)
What did we do – Immediate steps were taken to contain the incident
The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us – from our own treasury reserves.
We’re now actively working on recovery efforts with global cybersecurity experts, blockchain forensics firms, and relevant authorities to trace the attacker and recover the compromised assets.
What our customers must know – Your Funds Are 100% Safe
- All Customers’ Wallets Are Secure
We want to reassure you that all customers’ assets remain secure and fully accessible. Customers’ assets at CoinDCX are held in segregated cold wallets, protected by multi-layer custody and offline security controls.
Our operational accounts are structurally separated from customer wallets, by design.
CoinDCX maintains a robust reserve system to absorb such incidents and this reserve is being used to fully cover the loss.
- No Halt in Withdrawals, Operations Running Normally
CoinDCX services remain fully operational. Trading activity, INR deposits and INR withdrawals continue. INR withdrawals below ₹5 lakhs will reflect in your account within 5 hours, while withdrawals above ₹5 lakhs will be processed within 72 hours. The incident was isolated and has no impact on your portfolio access or operations.
Working with Authorities and Global Security Networks
- Regulatory Notification: CERT-In has been informed as on 19th July.
- External Forensics Partner: Detailed Forensics with two globally reputed security agencies are being carried out and reports will be shared for public benefit as we ascertain the facts.
- Coordinating with key partners to track and freeze movement of funds.
We have activated a full-scale response in coordination with external cybersecurity and forensics experts and global Cyber security experts. The incident has been formally reported to CERT-In, and we are actively working with leading blockchain forensics firms and ecosystem partners to trace the attacker and recover assets.
This is not just about CoinDCX, it’s about protecting the integrity of the wider Crypto ecosystem. We’re leveraging every available legal, technical, and investigative channel to ensure accountability and reinforce security across the board.
We remain committed to full cooperation with authorities and will leave no vector unexplored in our recovery efforts.
We are actively collaborating with leading protocols, exchanges, and investigators to monitor, trace, and freeze any further movements.
| Step | Action | Details | Link |
| 1️⃣ | Stolen SOL held in origin wallet | 155,830 SOL ($27.6M) remains unspent | View Wallet |
| 2️⃣ | Funds split into smaller transactions | Transferred in batches (1,000–4,000 SOL) | Example Txn |
| 3️⃣ | Swapped to WETH via Jupiter | Using Solana-based aggregator | – |
| 4️⃣ | Bridged to Ethereum via Wormhole | Multiple txns routed via Wormhole bridge | Wormhole Txn |
| 5️⃣ | Received on Ethereum wallet | 4,443 ETH ($15.7M) consolidated | ETH Wallet |
What’s Next?
We have been sharing timely updates and will continue to keep you informed as the investigation unfolds. Our goal: full accountability and transparency.
CoinDCX has officially launched a Recovery Bounty Program.
Our support team is happy to assist you, connect with them.
Please stay alert and do not share any personal information with anyone claiming to be from CoinDCX.
We understand this situation might cause concern, and we’re here with you through it. In such times, it’s crucial to rely only on verified updates from the official CoinDCX blog and our verified social handles, this blog will be updated in real-time.
