CoinDCX Crypto Hack: What Investors Can Do After the $44 Million Cyberattack

In a significant development that has once again put the spotlight on the vulnerability of digital assets, leading Indian crypto exchange CoinDCX fell victim to a cyberattack on 18 July 2025, causing losses worth $44 million (approx. ₹367 crore). While the company has confirmed that customer funds remain safe, this incident has reignited concerns over the absence of clear cryptocurrency regulations in India and the limited options investors have in such situations.

What Happened in the CoinDCX Cyberattack?

According to the official statement by CoinDCX, the breach was restricted to an internal operational wallet used specifically for liquidity provisioning with a partner exchange. Sumit Gupta, Co-founder and CEO of CoinDCX, shared details of the incident on social media platform X (formerly Twitter), confirming that no customer wallets were impacted, and all user assets are completely secure.

Gupta emphasized,

“The affected account was isolated immediately after detecting the breach. It is not connected to any customer holdings, and we’re covering the losses from our treasury reserves.”

Is Trading Still Active?

Yes. The company reassured users that all trading activities and INR withdrawals are operating as normal. The breach did not affect customer operations, and preventive measures were initiated instantly to control the damage. The firm has also launched an investigation involving internal security teams and external cybersecurity experts.

Investigation and Recovery Underway

CoinDCX is now working closely with its exchange partner to track the movement of the stolen funds and block or recover assets wherever possible. Efforts are being made to identify vulnerabilities and plug any gaps in their security infrastructure.

Interestingly, this attack occurred exactly one year after the WazirX breach on 18 July 2024, where hackers stole $235 million—one of the biggest cyber heists in the Indian crypto space.

Where Can Investors File Complaints?

The CoinDCX hack has sparked a crucial question: Where can Indian investors turn for protection or recourse in case of such breaches?

Currently, India does not have a dedicated legal framework for cryptocurrencies. This means crypto investments operate in a regulatory grey area, without any guarantees or protections from government agencies or financial regulators.

In the event of a dispute or loss due to a cyberattack, investors can seek relief under existing laws like:

• Indian Contract Act

• Consumer Protection Act

• Information Technology (IT) Act

These laws offer limited support. For instance, if users believe there's a breach of agreement or negligence, they may pursue legal action through civil courts based on the platform's terms and conditions.

Expert Insight: Investors Still Vulnerable

According to Shiju PV, Managing Partner at Indian law firm IndiaLaw LLP,

“Since crypto is not regulated in India, investors can only rely on pre-existing legal provisions. While these may offer some level of protection, they are not tailor-made for the dynamic and complex nature of cryptocurrencies.”

This gap highlights the urgent need for a crypto regulatory framework in India—one that clearly defines investor rights, company obligations, and government oversight.

Final Thoughts: A Wake-Up Call for Indian Crypto Ecosystem

The CoinDCX hack is a reminder of the rising threats in the crypto world, especially in jurisdictions where regulations are still evolving. Although CoinDCX has promised to cover the losses using internal reserves, not all platforms may be financially equipped to do so in the event of similar attacks.

For investors, the key takeaway is to stay informed, read the fine print, and know your legal rights. Until India establishes clear cryptocurrency laws, crypto users must operate with caution and understand the risks involved in a largely unregulated space.