Latest news with #WazirX
The Hindu
4 days ago
- Business
- The Hindu
What happened to the crypto exchange CoinDCX?
The story so far: On July 19, the crypto exchange CoinDCX updated users that one of its internal accounts had been 'compromised.' The company's executives reassured panicked investors and traders that their assets were safe and that access to their crypto would not be cut off. Despite assurances, many CoinDCX customers moved to withdraw their assets, perceiving the event could turn into something like the WazirX hack last year. What happened to CoinDCX? CoinDCX is a Financial Intelligence Unit (FIU) registered Indian cryptocurrency exchange founded in 2018 by Neeraj Khandelwal and Sumit Gupta, now counting over 1.6 crore registered users. On July 19, the exchange shared that one of its 'internal operational accounts, used solely for liquidity provisioning on a partner exchange, was compromised due to a sophisticated server breach.' Mr. Khandelwal clarified this involved unauthorised access to an operational hot (virtually connected) wallet on a partner exchange. CoinDCX reported financial exposure of about $44 million but stressed that the incident was contained by isolating the affected account, which was segregated from the company's customer wallets. The exchange further added that the exposure was limited to that amount alone and that it would be fully absorbed by CoinDCX through its own reserves. 'The incident has been formally reported to CERT-In, and we are actively working with leading blockchain forensics firms and ecosystem partners to trace the attacker and recover assets,' said CoinDCX in its Incident Report, and provided information about the cross-chain movement of the stolen assets. The company also announced a recovery bounty programme. How were CoinDCX users impacted by the hack? CoinDCX repeatedly stressed that customers' funds were secure and unaffected by the hack, as they were placed in segregated, cold wallets that are challenging for attackers to breach. The company also stated that trading, rupee deposits, and rupee withdrawals remained fully functional throughout the period. However, some customers complained that their withdrawal requests took time to be processed, sparking fears that their funds had been frozen. CoinDCX's founding partner Mridul Gupta said that 'operational challenges caused by high withdrawal volumes during non-banking hours' had led to some delays but denied allegations of a freeze. The company later confirmed that all withdrawal requests had been successfully processed. While crypto withdrawals are not possible for everyone using CoinDCX, this is a pre-existing situation that is part of the company's risk policy and was not caused by the hack itself. Furthermore, the exchange faced accusations of a 17-hour-long delay when it came to updating customers about the hack. CoinDCX defended its actions and said it needed to have all the information before issuing a statement to customers but said investigating agencies were immediately informed and onboarded. 'Our first priority is always to act, not just to speak. Before making a public statement, we had to ensure the threat was fully contained, our platform was secure, and all customer funds were safe. Communicating with incomplete or unverified information would have been irresponsible and could have caused unnecessary panic,' said co-founder Sumit Gupta. Other CoinDCX users raised complaints about temporary price drops for certain assets, as well as some tokens being under maintenance, which the company also addressed. How are the CoinDCX and WazirX hacks different? Just a little over a year ago, on July 18, 2024, WazirX was targeted by North Korean cyber-thieves. That day, a multi-signature wallet that the WazirX exchange was managing with the company Liminal was exploited, leading to the loss of assets worth over $230 million. This was far greater than the losses reported by CoinDCX; WazirX customers' assets were directly affected by this breach. After much delay and confusion, WazirX blocked users' access to their crypto for an indefinite period of time and acknowledged significant losses. By contrast, CoinDCX has stressed that it is business as usual for the exchange, noting on X that its annual revenue exceeds ₹1,100 crores. WazirX customers demanded that the company use its own profits or funds to cover losses, but the company said this was not possible, citing an ownership dispute with the international crypto exchange Binance. WazirX further decided to carry out its legal restructuring exercise in Singapore. WazirX users have not been able to access their locked up crypto for over a year and are set to vote for a second time on the amended Scheme of Arrangement. This comes after the first proposed restructuring plan was rejected by the Singapore High Court. Both WazirX and CoinDCX were hit with criticism for delays in informing their customers about their respective hacks. What is the lesson for crypto investors in India? Investors in India should remember that crypto trading is a largely unregulated activity in the country; even users of centralised, FIU-registered exchanges can expect little to no support from the Indian authorities in case of a crisis such as a security breach. Satnam Narang, Senior Staff Research Engineer at Tenable, explained that if users want full control of their coins, they should consider self-custody options like an offline, hardware cold wallet they directly control. Even here, due diligence is required in order to buy only trusted hardware wallets from legitimate sellers, according to him. 'As more and more exchanges have been set up across the world, we have seen reports of attacks targeting smart contract flaws or other ways to steal funds from these exchanges including but not limited to social engineering, theft of credentials or private keys or targeting a third-party company that works with the targeted organization,' said Mr. Narang, noting that the CoinDCX hack was one of the largest cryptocurrency breaches since the attack against WazirX last year. He highlighted that when crypto prices go up, there is also a rise in attacks against both exchanges and customers. Mr. Narang said that traders storing coins on crypto exchanges should use multi-factor authentication and strong passwords, or store their coins securely offline, if possible. 'There is an old adage in the cryptocurrency space that says: 'not your keys, not your crypto/coins'. As long as users store their cryptocurrency on an exchange, those coins don't necessarily belong to them because the exchange could ban their account or an exchange hack could lead to the loss of coins,' explained Mr. Narang.
India.com
5 days ago
- Business
- India.com
Meet the owners of CoinDCX and WazirX, victims of India's biggest crypto theft after platforms hit by Rs 23610000000 cyber crime
Meet the owners of CoinDCX and WazirX, victims of India's biggest crypto theft after platforms hit by Rs 23610000000 cyber crime Recently, two of India's major cryptocurrency exchanges, CoinDCX and WazirX, have become victims of serious cyber attacks. CoinDCX suffered a loss of around Rs. 378 crore (about 44 million dollars) due to a breach in one of its internal accounts. This hacking incident took place on July 19. Last year, crypto exchange WazirX was also hit by a major cyber attack, just like the recent one at CoinDCX. In that incident, hackers stole user holdings worth about USD 230 million (around Rs. 1,983 crore). Over the last few years, India has seen multiple cyber fraud cases in the crypto sector, and now CoinDCX has also joined the list of affected companies. The total value of both attacks adds up to a shocking Rs. 2,361 crore. Let's take a quick look at the people behind these two popular crypto exchanges: WazirX, Founded by Nischal Shetty Nischal Shetty is the founder and CEO of WazirX, one of India's top cryptocurrency platforms. He is from Mumbai and studied computer science at Visvesvaraya Technological University and graduated in 2007. He started his career as a software developer. In 2010, he launched his first startup called Crowdfire, a social media management app that became quite popular. In 2018, Nischal started WazirX to help more people in India learn about and use cryptocurrency. The platform grew very fast and got over 1 crore (10 million) users. In 2019, it was bought by Binance, the world's biggest crypto exchange. Later, in 2022, Nischal started a new project called Shardeum. It's a blockchain platform that is built to work for a large number of users. Its goal is to make blockchain technology easier to use and more helpful for everyone. As per a recent Business Today report, Nischal Shetty and WazirX co-founder Siddharth Menon have moved to Dubai, but WazirX still has offices in Mumbai and Bengaluru. Who owns CoinDCX? While WazirX has been in the spotlight, CoinDCX, another major Indian crypto exchange, also made headlines after the recent cyber attack. CoinDCX was founded in 2018 by Sumit Gupta and Neeraj Khandelwal. Sumit Gupta, an IIT Bombay graduate, is the current CEO of the company. At just 19 years old, he started his first business and also worked at a multinational company in Tokyo.
International Business Times
6 days ago
- Business
- International Business Times
CoinDCX Suffers $44 Million Internal Breach, Offers $11 Million Bounty in Major Crypto Security Incident
In one of the most serious cryptocurrency security incidents to date, CoinDCX has disclosed a $44 million breach involving its internal operational accounts. The crypto exchange confirmed that the loss stemmed from internal systems and did not affect user wallets or customer funds. X Sumit Gupta, CEO of CoinDCX, addressed the incident publicly, assuring users that the company had absorbed the financial hit entirely from its treasury. "No user funds were compromised. We absorbed the loss through our own treasury," he said in a statement. Details about the nature of the breach remain unclear, with the company withholding specifics about the compromised systems or whether any external attackers were identified. In response to the attack, CoinDCX has announced a recovery bounty of up to $11 million aimed at attracting white-hat hackers and blockchain investigators who can help track the stolen funds and identify those responsible. This marks the second-largest publicly known breach of a crypto exchange in India, trailing only WazirX's 2022 hack that involved losses estimated at $230 million. Industry analysts suggest the CoinDCX case highlights growing concerns over internal security lapses at crypto platforms, particularly in treasury management. Experts emphasize that internal breaches often involve compromised credentials or insufficient access controls—issues not necessarily tied to regulatory failings but rather operational weaknesses. The incident has renewed focus on the need for Indian crypto platforms to adopt real-time audits, multi-signature wallets, and tighter access protocols. Although CoinDCX has not yet confirmed the involvement of blockchain forensics firms or law enforcement, the bounty move signals an attempt to crowdsource recovery efforts. Given that no customer assets were affected, the breach is unlikely to prompt direct regulatory consequences but may accelerate calls for standardized operational security frameworks. India's crypto sector continues to operate in a grey regulatory zone, subject to tax laws but without unified cybersecurity standards. With adoption on the rise, incidents like this could push industry bodies and exchanges to double down on backend controls and investor assurance.
India.com
22-07-2025
- Business
- India.com
Rs 1900000000000 lost in a year due to…., loss suffered by many including…
Indian cryptocurrency exchange CoinDCX has reported a security breach that led to the theft of $44.2 million (around Rs 378 crore). However, the company's founders took to X to reassure users that customer funds remain safe and unaffected, clarifying that the breach was limited to an internal operational account. CoinDCX Hit By USD 44.2 mn Security Breach The total exposure is being absorbed entirely by CoinDCX, using the company's treasury reserves, the company said in a First Incident Report released on Sunday. According to the report, on July 19, at 4 AM IST, CoinDCX security systems detected an incident involving unauthorised access to one of its accounts on the partner exchange, leading to a financial exposure of about USD 44 million. The incident once again puts the spotlight on mounting security threats in the highly volatile world of cryptocurrencies. Last year, crypto exchange WazirX faced a hack in India, leading to the loss of more than USD 230 million, and marking one of the biggest such heists in India. The theft had prompted a thorough examination of safety measures and eroded sentiments. CoinDCX On Attack CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal took to the social media platform X to address the situation, confirming that the attack was the result of a sophisticated server breach, targeting an internal wallet, not the ones holding customer assets. The incident was first flagged by blockchain investigator ZachXBT, following which the exchange made the disclosure public. 'Today, one of our internal operational accounts — used only for liquidity provisioning on a partner exchange — was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won't cause any loss to our customers. CoinDCX will be bearing the full amount,' Gupta said. 'The total amount lost was USD 44Mn out of our treasury assets. Coindcx Treasury will be bearing these losses,' Khandelwal wrote. Affected infrastructure has been completely isolated, and CoinDCX operations continue to run normally, the company said. Risk In Crypto Currency Investment Crypto thefts in 2025 had already crossed USD 2.17 billion before last week's USD 44 million CoinDCX hack, underlining relentless cyber threat escalation in the digital currency world, according to the latest data. Blockchain analytics platform Chainalysis' 2025 crypto crime mid-year update says that over USD 2.17 billion was stolen from cryptocurrency services so far in 2025, and 'this year is more devastating than the entirety of 2024'. By the end of June 2025, 17 per cent more value had been stolen year-to-date (YTD) than in 2022, previously the worst year on record. The USD 1.5 billion hack of ByBit, the largest single hack in crypto history, accounts for the majority of service losses. So far in 2025, significant concentrations of stolen fund victims have emerged in the US, Germany, Russia, Canada, Japan, Indonesia, and South Korea, it said. 'Regionally, Eastern Europe, MENA, and CSAO (Central and Southern Asia and Oceania) saw the most rapid H1 2024 to H1 2025 growth in victim totals,' it said. (With Inputs From PTI)
Mint
22-07-2025
- Business
- Mint
Crypto Hack: With $44 million theft at CoinDCX, should investors be wary of investing in cryptos?
Almost one year after $234.9 million was lost to a hack at WazirX on July 18, 2024, another crypto exchange CoinDCX has encountered a massive hack leading to loss of $44 million. This has reportedly given a considerable setback to the new-age investors, some of whom had pinned their hopes on earning good returns amid skyrocketing crypto prices. In the past one month alone, bitcoin prices have risen by around 14 percent to touch $1,18,000. Meanwhile, CoinDCX's Sumit Gupta – after the hack -- wrote on X that customers' funds are 100 percent safe as all user assets are stored in segregated cold wallets. The company further claimed that its reserves are absorbing all losses. After the news spread in the market, the exchange received a huge number of withdrawal requests. In just one day, this crypto exchange received 31,462 requests -- out of which 98.09 percent (30,862) requests have already been processed and the remaining are set to be done in the next three days, Gupta wrote on the micro-blogging site. Most investors wrote positive comments on Gupta's post where he gave an update about INR withdrawals, whereas a few investors expressed discontent for having to exit their position during a bull run such as the post embedded here. CoinDCX on Monday also announced its recovery bounty programme wherein it said that 25 percent of any recovered funds will be rewarded to individuals who can help trace and retrieve the stolen crypto. 'The exposure was from our own reserves, and we have already absorbed it through our corporate treasury. More than recovering the stolen funds, what is important for us is to identify and catch the attackers because such things should not happen again,' wrote Sumit Gupta, co-founder, Coin DCX on X platform. Industry experts believe that these incidents should not shake the faith of investors in the asset class per se. 'Crypto is a fast-growing asset class and choosing how to hold it via self-custody or centralised exchanges (CEXs), is crucial. While self-custody offers control, it also carries higher risks such as key mismanagement or phishing. For investors, the question is not whether it is safe, but it should be whether I am investing through platforms which take safety seriously,' says Edul Patel, CEO and Co-founder of Mudrex. 'Exchanges are becoming more secure and accountable. Platforms such as ByBit and CoinDCX which recently suffered incidents, have shown this by shielding users from losses using internal treasuries, protection funds and distribution of user assets across multiple cold and hot wallets, adds Patel. Some wealth advisors, meanwhile, have a different take on this. 'Some investors want to try new and fancy financial products, and it may lead to investing in unregulated products that carry huge risk. Cryptocurrency is one such product. Its value can change constantly and dramatically at any point in time. If the value goes down, there's no guarantee that it will rise again and that's why an unstable investment due to high investor losses from scams, hacks, bugs, and volatility in the recent couple of years,' says Preeti Zende, a Sebi-registered investment advisor and founder of Apna Dhan Financial Services. 'So, it is better not to burn fingers in such risky and unregulated products and stick with old, trusted products for wealth creation. To achieve long-term sustainable wealth in the long run, investors require a simple investment strategy,' she adds. For all personal finance updates, visit here
