Latest news with #NeerajKhandelwal
The Hindu
3 days ago
- Business
- The Hindu
What happened to the crypto exchange CoinDCX?
The story so far: On July 19, the crypto exchange CoinDCX updated users that one of its internal accounts had been 'compromised.' The company's executives reassured panicked investors and traders that their assets were safe and that access to their crypto would not be cut off. Despite assurances, many CoinDCX customers moved to withdraw their assets, perceiving the event could turn into something like the WazirX hack last year. What happened to CoinDCX? CoinDCX is a Financial Intelligence Unit (FIU) registered Indian cryptocurrency exchange founded in 2018 by Neeraj Khandelwal and Sumit Gupta, now counting over 1.6 crore registered users. On July 19, the exchange shared that one of its 'internal operational accounts, used solely for liquidity provisioning on a partner exchange, was compromised due to a sophisticated server breach.' Mr. Khandelwal clarified this involved unauthorised access to an operational hot (virtually connected) wallet on a partner exchange. CoinDCX reported financial exposure of about $44 million but stressed that the incident was contained by isolating the affected account, which was segregated from the company's customer wallets. The exchange further added that the exposure was limited to that amount alone and that it would be fully absorbed by CoinDCX through its own reserves. 'The incident has been formally reported to CERT-In, and we are actively working with leading blockchain forensics firms and ecosystem partners to trace the attacker and recover assets,' said CoinDCX in its Incident Report, and provided information about the cross-chain movement of the stolen assets. The company also announced a recovery bounty programme. How were CoinDCX users impacted by the hack? CoinDCX repeatedly stressed that customers' funds were secure and unaffected by the hack, as they were placed in segregated, cold wallets that are challenging for attackers to breach. The company also stated that trading, rupee deposits, and rupee withdrawals remained fully functional throughout the period. However, some customers complained that their withdrawal requests took time to be processed, sparking fears that their funds had been frozen. CoinDCX's founding partner Mridul Gupta said that 'operational challenges caused by high withdrawal volumes during non-banking hours' had led to some delays but denied allegations of a freeze. The company later confirmed that all withdrawal requests had been successfully processed. While crypto withdrawals are not possible for everyone using CoinDCX, this is a pre-existing situation that is part of the company's risk policy and was not caused by the hack itself. Furthermore, the exchange faced accusations of a 17-hour-long delay when it came to updating customers about the hack. CoinDCX defended its actions and said it needed to have all the information before issuing a statement to customers but said investigating agencies were immediately informed and onboarded. 'Our first priority is always to act, not just to speak. Before making a public statement, we had to ensure the threat was fully contained, our platform was secure, and all customer funds were safe. Communicating with incomplete or unverified information would have been irresponsible and could have caused unnecessary panic,' said co-founder Sumit Gupta. Other CoinDCX users raised complaints about temporary price drops for certain assets, as well as some tokens being under maintenance, which the company also addressed. How are the CoinDCX and WazirX hacks different? Just a little over a year ago, on July 18, 2024, WazirX was targeted by North Korean cyber-thieves. That day, a multi-signature wallet that the WazirX exchange was managing with the company Liminal was exploited, leading to the loss of assets worth over $230 million. This was far greater than the losses reported by CoinDCX; WazirX customers' assets were directly affected by this breach. After much delay and confusion, WazirX blocked users' access to their crypto for an indefinite period of time and acknowledged significant losses. By contrast, CoinDCX has stressed that it is business as usual for the exchange, noting on X that its annual revenue exceeds ₹1,100 crores. WazirX customers demanded that the company use its own profits or funds to cover losses, but the company said this was not possible, citing an ownership dispute with the international crypto exchange Binance. WazirX further decided to carry out its legal restructuring exercise in Singapore. WazirX users have not been able to access their locked up crypto for over a year and are set to vote for a second time on the amended Scheme of Arrangement. This comes after the first proposed restructuring plan was rejected by the Singapore High Court. Both WazirX and CoinDCX were hit with criticism for delays in informing their customers about their respective hacks. What is the lesson for crypto investors in India? Investors in India should remember that crypto trading is a largely unregulated activity in the country; even users of centralised, FIU-registered exchanges can expect little to no support from the Indian authorities in case of a crisis such as a security breach. Satnam Narang, Senior Staff Research Engineer at Tenable, explained that if users want full control of their coins, they should consider self-custody options like an offline, hardware cold wallet they directly control. Even here, due diligence is required in order to buy only trusted hardware wallets from legitimate sellers, according to him. 'As more and more exchanges have been set up across the world, we have seen reports of attacks targeting smart contract flaws or other ways to steal funds from these exchanges including but not limited to social engineering, theft of credentials or private keys or targeting a third-party company that works with the targeted organization,' said Mr. Narang, noting that the CoinDCX hack was one of the largest cryptocurrency breaches since the attack against WazirX last year. He highlighted that when crypto prices go up, there is also a rise in attacks against both exchanges and customers. Mr. Narang said that traders storing coins on crypto exchanges should use multi-factor authentication and strong passwords, or store their coins securely offline, if possible. 'There is an old adage in the cryptocurrency space that says: 'not your keys, not your crypto/coins'. As long as users store their cryptocurrency on an exchange, those coins don't necessarily belong to them because the exchange could ban their account or an exchange hack could lead to the loss of coins,' explained Mr. Narang.
India.com
7 days ago
- Business
- India.com
Rs 1900000000000 lost in a year due to…., loss suffered by many including…
Indian cryptocurrency exchange CoinDCX has reported a security breach that led to the theft of $44.2 million (around Rs 378 crore). However, the company's founders took to X to reassure users that customer funds remain safe and unaffected, clarifying that the breach was limited to an internal operational account. CoinDCX Hit By USD 44.2 mn Security Breach The total exposure is being absorbed entirely by CoinDCX, using the company's treasury reserves, the company said in a First Incident Report released on Sunday. According to the report, on July 19, at 4 AM IST, CoinDCX security systems detected an incident involving unauthorised access to one of its accounts on the partner exchange, leading to a financial exposure of about USD 44 million. The incident once again puts the spotlight on mounting security threats in the highly volatile world of cryptocurrencies. Last year, crypto exchange WazirX faced a hack in India, leading to the loss of more than USD 230 million, and marking one of the biggest such heists in India. The theft had prompted a thorough examination of safety measures and eroded sentiments. CoinDCX On Attack CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal took to the social media platform X to address the situation, confirming that the attack was the result of a sophisticated server breach, targeting an internal wallet, not the ones holding customer assets. The incident was first flagged by blockchain investigator ZachXBT, following which the exchange made the disclosure public. 'Today, one of our internal operational accounts — used only for liquidity provisioning on a partner exchange — was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won't cause any loss to our customers. CoinDCX will be bearing the full amount,' Gupta said. 'The total amount lost was USD 44Mn out of our treasury assets. Coindcx Treasury will be bearing these losses,' Khandelwal wrote. Affected infrastructure has been completely isolated, and CoinDCX operations continue to run normally, the company said. Risk In Crypto Currency Investment Crypto thefts in 2025 had already crossed USD 2.17 billion before last week's USD 44 million CoinDCX hack, underlining relentless cyber threat escalation in the digital currency world, according to the latest data. Blockchain analytics platform Chainalysis' 2025 crypto crime mid-year update says that over USD 2.17 billion was stolen from cryptocurrency services so far in 2025, and 'this year is more devastating than the entirety of 2024'. By the end of June 2025, 17 per cent more value had been stolen year-to-date (YTD) than in 2022, previously the worst year on record. The USD 1.5 billion hack of ByBit, the largest single hack in crypto history, accounts for the majority of service losses. So far in 2025, significant concentrations of stolen fund victims have emerged in the US, Germany, Russia, Canada, Japan, Indonesia, and South Korea, it said. 'Regionally, Eastern Europe, MENA, and CSAO (Central and Southern Asia and Oceania) saw the most rapid H1 2024 to H1 2025 growth in victim totals,' it said. (With Inputs From PTI)
India.com
7 days ago
- Business
- India.com
Rs 3780000000 loss: Major security breach hits Indian crypto exchange CoinDCX, here's what exactly happened?
Rs 3780000000 loss: Major security breach hits Indian crypto exchange CoinDCX, here's what exactly happened? A major security breach was reported at Indian cryptocurrency exchange CoinDCX in recent days. Because of the security breach**,** the company lost approximately Rs 378 crore (USD 44.2 million). As per reports, the incident took place on July 19 at around 4 am. Someone made unauthorised access to an internal operational account on a partner exchange. However, CoinDCX has assured its users that the security breach will not affect their funds and they will remain secure. CoinDCX Filed An FIR According to the FIR, the Indian cryptocurrency exchange stated that it is covering the entire financial loss using its own treasury funds, so customers won't be affected. Co-founders Sumit Gupta and Neeraj Khandelwal took to X and attributed the major security breach to 'sophisticated server attack' that attacked the internal wallet whish is used by the company for liquidity provisioning. 'Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won't cause any loss to our customers. CoinDCX will be bearing the full amount,' Gupta wrote in the post. 'The total amount lost was Rs378 crore ($44 million) out of our treasury assets. CoinDCX Treasury will be bearing these losses,' Khandelwal posted. Who Detected The Security Breach? The security breach was first detected by blockchain investigator ZachXBT, following which CoinDCX made the announcement. A 17-hour delay in publicly disclosing the incident has drawn online criticism, despite widespread praise for the company's efforts to safeguard user funds. Withdrawal Requests Overwhelmed CoinDCX's Systems As soon as the security breach news came out, users overwhelmed the CoinDCX's systems with withdrawal requests, leading to its portfolio APIs becoming temporarily unresponsive. The API is responsible for displaying balances and transaction histories, but due to the unresponsiveness, several users were stuck and were unable to view their holdings. Following a security breach, CoinDCX fired leading cybersecurity firms and reported the incident to India's CERT-In. A full investigation is underway, and the company plans to release its findings. This incident comes after a significant 2024 hack of WazirX, resulting in India's largest cryptocurrency exchange theft to date, exceeding Rs1,965 crore (USD 230 million).
Entrepreneur
22-07-2025
- Business
- Entrepreneur
CoinDCX Launches Crypto Recovery Bounty After USD 44 Mn Breach
CoinDCX introduced a Recovery Bounty Program that offers up to 25 percent of any successfully recovered funds as a reward for actionable intelligence leading to the retrieval of assets and identification of the attacker. You're reading Entrepreneur India, an international franchise of Entrepreneur Media. Cryptocurrency exchange CoinDCX has announced a major initiative to recover digital assets worth approximately USD 44.2 million stolen in a recent security breach. The company unveiled a Recovery Bounty Program on Monday, offering rewards of up to 25 percent of any successfully retrieved funds to individuals who provide actionable intelligence that leads to asset recovery or the identification of the perpetrator. The potential bounty could reach USD 11 million, making it the largest of its kind in India's crypto sector. The breach targeted an internal operational wallet on the Solana blockchain between July 18 and 20, and was confirmed by the company late Friday. "We are collaborating with exchange partners to block and recover assets," said Neeraj Khandelwal, Co-founder of CoinDCX. "At the same time, we are launching this bounty program to strengthen our defences and reinforce transparency." As of Sunday, CoinDCX reported that a significant portion of the stolen assets appeared to be consolidated in two crypto wallets—one holding around 155,830 SOL (approximately USD 27.6 million) and another containing 4,443 ETH (about USD 15.7 million). The company is working with cybersecurity firms Sygnia, zeroShadow, and Seal911 to investigate the breach. It has also partnered with the Solana Foundation, Superteam, and bridge infrastructure providers Wormhole and deBridge to support asset recovery efforts. CoinDCX emphasized that no customer funds were affected in the incident. The compromised wallet was reportedly used solely for internal operations and was managed through a partner exchange. The firm is now inviting ethical hackers, white-hat researchers, and cybersecurity experts to join the recovery effort. Contributions will be assessed based on credibility and potential impact, and participants can contact the company via the dedicated email address provided. Blockchain security firm Cyvers reported that the attacker made off with funds denominated in USDC and USDT. While CoinDCX has not officially confirmed the total stolen amount, the figure aligns with Cyvers' analysis. The breach mirrors a similar incident involving rival exchange WazirX last year. On July 18, 2024, WazirX launched a global bounty program offering up to USD 23 million to help retrieve USD 234 million in stolen crypto. Despite the effort, only about USD 3 million of the assets were frozen, with the remainder laundered through crypto mixers. CoinDCX's new program highlights a growing reliance on community-led initiatives to combat crypto-related cybercrime.
Indian Express
21-07-2025
- Business
- Indian Express
CoinDCX offers 25% bounty to recover stolen crypto in $44-mn hack
CoinDCX, one of India's leading cryptocurrency exchanges, has announced a recovery bounty program after suffering a security breach that led to the loss of approximately $44 million (around Rs 379 crore). The company is offering up to 25 per cent of the recovered funds as a reward to those who help retrieve the stolen crypto and assist in identifying and bringing the attackers to justice. If all lost assets are recovered, the bounty could reach a total value of $11 million (Rs 94.6 crore). In a statement, CoinDCX emphasised that the effort goes beyond just recovering funds — it's about uniting the Web3 community to stand against cybercrime. 'This is not just about us. This is about standing up for what's right, for the safety, transparency, and future of the entire Web3 ecosystem. It's a war against cybercrime,' the company said. Co-founder Neeraj Khandelwal highlighted that the breach was not only an attack on CoinDCX but on trust itself. 'When one of us is targeted, all of us are affected. CoinDCX is committed to using this incident as a turning point—to strengthen our defenses, reinforce transparency, and work with the best minds in the industry to make recovery real and replicable,' he said. He added that the company is actively working with an exchange partner to block and recover the stolen assets and is fully committed to the recovery effort. 'We will emerge from this stronger, together,' Khandelwal said. The company also issued a call to action, inviting ethical hackers, white-hat researchers, and partners across the ecosystem to join the fight against cybercrime.
