- CoinDCX lost $44.2M in a social engineering attack; FIR filed with Karnataka Police, and an investigation is underway.
- The exchange launched an $11M white hat bounty program to aid asset recovery and trace the attackers.
- CoinDCX denied $1B Coinbase takeover rumors, reaffirming its commitment to India’s crypto sector growth.
India-based crypto exchange CoinDCX filed an official First Information Report (FIR) with Karnataka Police following a recent security breach that led to a $44.2 million loss. The company’s co-founder said that preliminary findings suggest the incident stemmed from a sophisticated social engineering attack targeting internal systems. Law enforcement has now launched an active investigation to trace those responsible for the breach, which affected the platform’s operational wallet earlier in July 2025.
Preliminary Probe Points to Social Engineering Breach
The attack, based on internal reviews, involved external actors manipulating employees to access critical internal systems unlawfully. CoinDCX has confirmed that authorities are fully involved in the probe and the exchange is cooperating.
The company stated that it cannot comment further to preserve the investigation’s integrity. In the immediate aftermath, CoinDCX initiated containment measures and launched a recovery bounty program offering up to $11 million to white hat hackers.
The initiative seeks community support to recover the stolen assets and identify the perpetrators. This incident has surfaced during a challenging period for India’s crypto sector, which is struggling with repeated cyber threats.
Takeover Claims Rejected Amid Security Setback
Days after the hack, media reports suggested that Coinbase was in advanced talks to acquire CoinDCX for nearly $1 billion. However, the exchange strongly denied these claims. Responding on X, the company dismissed the speculation and affirmed that it remained focused on developing India’s crypto ecosystem.
The denial came just 11 days after the breach, adding to the ongoing scrutiny surrounding the platform. Despite the setbacks, CoinDCX has continued to expand globally. Earlier in July 2024, it acquired Dubai-based exchange BitOasis and also introduced BSV trading on its platform. These moves aligned with the company’s long term strategy before the breach occurred.
WazirX Recovery Efforts Continue Under Judicial Oversight
Around the same time as CoinDCX’s breach, rival exchange WazirX marked one year since a devastating $235 million hack. That incident, attributed to North Korea’s Lazarus Group, forced WazirX to halt operations and led to international law enforcement involvement.
WazirX recently disclosed that global agencies, including those from Japan, the U.S., and South Korea, formally linked the attack to North Korea. In response, the platform onboarded international cybersecurity firms and secured a moratorium from the Singapore High Court to rebuild safely. CoinDCX had signaled interest in acquiring WazirX earlier this year, while CoinSwitch pledged $70 million in asset recovery support.
