
It had been a while since India’s crypto sector grabbed negative headlines or attracted unwanted attention. With Bitcoin recently hitting an all-time high of around $118,000, it seemed that everything in crypto was going well. But then, catastrophe struck.
On 21 July, India’s crypto sector was jolted when CoinDCX, one of the country’s major cryptocurrency exchanges, confirmed a security breach that led to a staggering $44 million loss. Convert that, and that’s more than Rs 380 crores stolen. However, what stood out in the official communication was this: no user accounts were affected. So what exactly was hacked?
Don’t crypto exchanges use blockchain for transactions? Isn’t blockchain supposed to be unhackable? And how did such a massive attack go unnoticed until after the funds were drained?
Let’s try to break it all down in this explainer.
On July 19, CoinDCX suffered a cyberattack that resulted in the theft of approximately $44.2 million worth of crypto assets, including over 155,000 SOL (Solana) and 4,400 ETH (Ethereum). The news of the breach came to light after several on-chain analysis firms like Cyvers flagged suspicious activity involving CoinDCX’s wallets.
As reported, the stolen funds were not from customer wallets, but from an internal operational wallet used by the exchange for providing liquidity — basically, helping facilitate smooth transactions across crypto pairs. You see, like banks, even crypto exchanges need to keep some cash on the exchange to facilitate customer transactions smoothly. In the hack, funds were quickly moved across blockchain networks and laundered using tools like Tornado Cash, a crypto mixer often used to obscure the origin of stolen assets.
The report also stated that no customer accounts were affected by the hack. CoinDCX confirmed that: All customer funds remain safe and untouched. The affected wallet was strictly for internal operations, not user holdings. The company has covered the entire loss using its corporate treasury. CoinDCX is offering an $11 million bounty to any white-hat hacker who helps retrieve the funds. As most customer funds are stored on cold wallets, which aren’t connected to the server, this clean separation prevented a much larger crisis. CoinDCX also immediately strengthened its backend infrastructure and began working with cybersecurity firms for forensic analysis.
Let’s be clear about one thing: the blockchain wasn’t hacked. Instead, backend systems that connect CoinDCX’s platform to the blockchain were compromised. Think of it like this: the vault (blockchain) is secure, but the lock on the door leading to the vault room (the exchange’s software) was left open or broken. While it’s not confirmed how exactly the hack happened, there are a few possibilities we can consider.
Most likely vulnerabilities exploited:
According to blockchain security firm Cyvers, the attack was “swift and sophisticated”, and bears hallmarks of previous hacks attributed to Lazarus Group, a North Korea-linked hacker collective. On the hack, CoinDCX also issued a press note stating that the incident involved only one internal operational account used for liquidity provisioning on a partner exchange.
This is where confusion arises for most people. While blockchain technology itself is designed to be highly secure and resistant to tampering, the platforms built on top of it (like exchanges and bridges) can and have been hacked.
These platforms mostly take the form of decentralised finance applications and smart contracts, which are built on the blockchain. They are tools which help move crypto from one blockchain to another; without them, moving crypto is impossible. Here’s a simple breakdown:
Beyond exchanges, several key components in the crypto ecosystem are vulnerable:
CoinDCX isn’t the only exchange that has been hacked, and it’s not even the largest hack so far. Major past crypto exchange hacks:
And in 2025 alone, North Korea-linked hackers are estimated to have stolen over $1.6 billion in crypto via various attacks.
Despite the risks, reputable Indian exchanges like CoinDCX and CoinSwitch follow multiple layers of protection.
Security measures in place:
Even with these safeguards, these exchanges are run and maintained by humans, and that makes humans the weakest link. Despite strict firewalls, anything from misconfigured systems to social engineering tactics can make these exchanges vulnerable to attacks.
The CoinDCX hack brings up a critical question: Who is watching over crypto in India? Unlike traditional banks, crypto exchanges in India operate in a regulatory grey area. There’s no insurance if an exchange loses money. Even if your funds are safe today, there’s no formal government body to protect you in the event of a total collapse.
And since the government hasn’t officially recognised crypto as a legal financial instrument, these platforms must self-regulate and absorb any damages, as CoinDCX has done in this case. Despite this ambiguity, Indians continue to put more money in crypto, considering the success a handful of people have been able to derive from early investments.
The breach at CoinDCX didn’t break the blockchain, nor did it rob everyday investors. However, it did expose the vulnerabilities that exist between the user and the chain: the infrastructure, the access systems, and the operational processes.
While the objective of this article isn’t to claim that crypto is unsafe, it’s a reminder that even the strongest technology is only as safe as the people and platforms managing it.
As India’s crypto industry matures, the need for stronger regulation, better audits, and consumer protection mechanisms has never been more urgent. Not to mention that crypto exchanges in India need to have systems in place which can predict and prevent hacks like these in order to keep the ecosystem safe.

