Indian cryptocurrency exchange CoinDCX suffered a cyberattack on July 19, 2025, resulting in the theft of approximately $44 million from one of its internal operational accounts. The breach involved the compromise of an operational wallet on the Solana blockchain, with stolen funds primarily in USDC and USDT stablecoins. CoinDCX CEO Sumit Gupta and cofounder Neeraj Khandelwal confirmed the incident, emphasizing that customer funds remained secure as all user assets were stored in segregated cold wallets. The attack was characterized as a sophisticated server breach, with hackers reportedly using social engineering tactics, including a fake part-time job offer to a CoinDCX employee named Rahul Agarwal, to install malware facilitating the theft. Indian police have arrested a CoinDCX employee in connection with the hack. The stolen funds were traced to North Korea’s Lazarus Group, with the attackers routing the assets through Tornado Cash and bridging them from Solana to Ethereum. Following the breach, rumors emerged about Coinbase being in advanced talks to acquire CoinDCX at a valuation below $1 billion, down from its peak of $2.2 billion in 2022; however, CoinDCX’s CEO denied these acquisition talks and stated the exchange is not for sale. CoinDCX has since offered up to an $11 million bounty for the recovery of the stolen funds. Despite the breach, CoinDCX continues to operate live trading services.