CoinDCX Probes Internal Security Breach; Assures User Funds Are Safe

Cryptocurrency platform CoinDCX announced on Friday that it is investigating a server-side breach affecting one of its internal operational accounts. The incident was flagged after blockchain researchers noticed suspicious fund transfers involving a wallet associated with the platform.

CoinDCX confirmed that the compromised account was used for liquidity management and reassured that customer funds remain completely secure and unaffected. Although the company has not disclosed the precise amount involved, independent blockchain analysts estimate a possible loss of approximately $44 million.

The breach gained attention after on-chain investigator ZachXBT and cybersecurity firm Cyvers reported abnormal activity. The funds were allegedly moved through Tornado Cash, a service known for anonymizing crypto transactions, and then transferred to the Ethereum blockchain—almost 17 hours before CoinDCX made a public acknowledgment.

CoinDCX co-founder and CEO Sumit Gupta stated that the affected system was immediately isolated. The company has partnered with external cybersecurity experts and a partner exchange to track fund movements and prevent further issues.

Gupta added that CoinDCX will cover the losses from its treasury and emphasized that INR withdrawals and regular trading remain fully functional. A bug bounty program will soon be launched to encourage responsible vulnerability reporting, and real-time updates will be shared as the investigation unfolds.

The platform has yet to confirm the total asset loss or name the assisting partner exchange.