Cryptocurrency exchange CoinDCX reports a $731 million asset holding and a 109% increase in trading volume
CoinDCX Overcomes Security Incident and Maintains Growth
In July 2025, Indian cryptocurrency exchange CoinDCX suffered a security breach in which approximately $44.2 million was stolen from an internal operational liquidity account [1][2][3]. Customer funds remained secure in cold wallets.
The breach, which occurred between July 16 and 19, saw the attackers perform a dry run transaction on July 16 before the main theft on July 19 [1]. The attackers gained access by penetrating CoinDCX’s liquidity infrastructure, likely exploiting backend access through exposed credentials [1].
The stolen funds were laundered using the crypto mixer Tornado Cash and moved across blockchains, notably from Solana to Ethereum via cross-chain bridges [1][2][3]. CoinDCX swiftly contained the breach by isolating the affected wallet account, which was segregated from customer wallets [3]. The total loss was absorbed by CoinDCX’s own treasury, so no user funds were affected [3][4].
In response to the incident, CoinDCX took several critical post-incident actions and implemented additional security controls. They isolated the compromised operational wallet and transferred remaining assets to cold storage for safer custody [2]. CoinDCX also collaborated with cybersecurity agencies including India’s CERT-In and global blockchain security partners to conduct a thorough forensic investigation and track stolen funds [2][3].
To incentivize the recovery of funds, CoinDCX launched a recovery bounty program offering up to 25% of recovered assets (up to $11 million) to ethical hackers and the security community [2][4]. The exchange also announced plans to strengthen internal security by adopting more stringent controls such as Privileged Access Management (PAM) and Multi-Factor Authentication (MFA) to restrict sensitive backend access and prevent unauthorized credential use [5].
Despite the security incident, CoinDCX continued to grow in July. The total spot trading volumes jumped by 109.8% compared to June [6]. The number of registered users reached 20,153,514 accounts, a 2.93% month-on-month increase [7]. In addition, CoinDCX onboarded additional liquidity providers to widen order books and improve execution for traders [8].
Moreover, CoinDCX launched its Expert Picks feature for vetted futures trading signals [9]. The exchange also remitted ₹20.05 crore as TDS to the government of India in July, a 37.5% increase compared to the previous month [10]. As of July 24, 2025, CoinDCX’s partners held $189.46 million, and its blockchain reserves amounted to $541.64 million [11].
CoinDCX expressed gratitude for the support of its growing user base, especially in the face of recent challenges. The exchange aims to deliver more trader-centric updates, improve its infrastructure, and be entirely transparent [12].
References:
[1] CoinDCX Suffers $44 Million Hack: Report
[2] CoinDCX Announces Recovery Bounty Program
[3] CoinDCX Resumes Withdrawals After $44 Million Hack: ET
[4] CoinDCX Strengthens Security Measures Post-Hack
[5] CoinDCX's Commitment to Transparency After the Hack
[6] CoinDCX July 2025 Trading Volume Statistics
[7] CoinDCX July 2025 User Registration Statistics
[8] CoinDCX Onboards New Liquidity Providers in July
[9] CoinDCX Launches Expert Picks Feature
[10] CoinDCX TDS Payment to the Government of India
[11] CoinDCX's Holdings as of July 24, 2025
[12] CoinDCX's Future Plans and Commitment
- The theft of $44.2 million from CoinDCX's internal operational liquidity account did not affect customer funds, which were securely stored in cold wallets.
- The attackers, who gained access to CoinDCX’s liquidity infrastructure by exploiting exposed backend credentials, moved the stolen funds from Solana to Ethereum via cross-chain bridges before laundering them using Tornado Cash.
- In response to the incident, CoinDCX implemented several security measures, such as adopting Privileged Access Management (PAM) and Multi-Factor Authentication (MFA) to protect sensitive backend access and prevent unauthorized credential use.