Audit log

Every state-changing event for CoinDCX: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-14 17:21:53Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 419,730,828

   sig

   34qmFwaaqtDA…zEvdebL3copyexplorer ↗

   hash

   C6xPzJpvkwe8…VvAwS8xhcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (22535 B) ▸

   {"actor":"system:backfill","investigation_id":"358a9e18-a1c9-43e5-b239-ff846bea558d","kind":"publish","page_slug":"coindcx","published_at":"2026-05-14T17:21:53.364Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"CoinDCX","sections":[{"content":"CoinDCX was founded in 2018 by Sumit Gupta (CEO) and Neeraj Khandelwal (CTO) and is headquartered in Mumbai, India. The exchange operates under Neblio Technologies, its FIU-IND registered entity. CoinDCX became India's first crypto unicorn in August 2021 after raising $90 million in a Series C round, reaching a $1.1 billion valuation. Coinbase has invested in CoinDCX across multiple rounds; a subsequent investment in 2023 placed the company's valuation at $2.45 billion. Total funding across seven rounds stands at approximately $247 million, with investors including Polychain Capital and Bain Capital Ventures. CoinDCX is registered as a Reporting Entity with India's Financial Intelligence Unit (FIU-IND) and claims compliance with Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) guidelines.","heading":"Background and Corporate Structure","severity":"low","sources":[{"credibility":2,"name":"Coinbase invests in CoinDCX at $2.45B valuation — Blockworks","type":"news","url":"https://blockworks.co/news/coinbase-invests-coindcx"},{"credibility":1,"name":"CoinDCX FIU Registration Announcement — CoinDCX Blog","type":"official","url":"https://coindcx.com/blog/announcements/coindcx-is-now-fiu-registered/"},{"credibility":2,"name":"CoinDCX Series C unicorn funding — Fintech Futures","type":"news","url":"https://www.fintechfutures.com/blockchain-crypto-digital-assets/coindcx-lands-90m-series-c-funding-to-become-india-s-first-crypto-unicorn"}]},{"content":"On July 19, 2025, CoinDCX suffered a major security breach resulting in the theft of approximately $44.2 million from one of the exchange's internal operational wallets used for liquidity provisioning. The breach remained undisclosed for approximately 17 hours until blockchain investigator ZachXBT identified and publicly reported the theft via his Telegram channel on July 21, 2025. CEO Sumit Gupta subsequently confirmed the incident the same day, attributing it to a 'sophisticated server breach.' The stolen funds — approximately $44.2 million in USDC and USDT — originated from a Solana-based operational wallet. On-chain analysis by Cyvers and others identified the attacker consolidated assets into two primary wallets: a Solana wallet holding approximately 155,830 SOL (roughly $27.6 million) and an Ethereum wallet holding approximately 4,443 ETH (roughly $15.7 million). The attacker was funded with 1 ETH via Tornado Cash before initiating the transfers, and subsequently bridged a portion of the stolen Solana funds to Ethereum using the Mayan Bridge, with some funds passing through Tornado Cash to obscure the trail. The entire drain of $44 million was completed within approximately five minutes. The affected hot wallet used for internal funds was not included in CoinDCX's official Proof of Reserves documentation, complicating post-incident analysis. Cybersecurity firm Cyvers attributed the attack to North Korea's Lazarus Group, citing 'hallmarks' consistent with prior state-sponsored operations and the same exploit pattern as the 2024 WazirX hack. CoinDCX stated that customer funds held in cold storage were unaffected and pledged to cover all losses from its own treasury reserves. On July 23, 2025, CoinDCX launched what it described as India's largest-ever crypto recovery bounty, offering up to 25% — approximately $11 million — of any recovered funds to individuals or teams assisting with tracing and recovery.","heading":"July 2025 Security Breach — $44.2 Million Hack","severity":"critical","sources":[{"credibility":1,"name":"CoinDCX CEO blames server breach for $44M exploit — The Block","type":"news","url":"https://www.theblock.co/post/363479/coindcx-ceo-blames-server-breach-for-44-million-exploit-indian-firm-will-cover-losses"},{"credibility":1,"name":"Indian crypto exchange CoinDCX confirms $44M stolen — TechCrunch","type":"news","url":"https://techcrunch.com/2025/07/21/indian-crypto-exchange-coindcx-confirms-44-million-stolen-during-hack/"},{"credibility":1,"name":"CoinDCX Hack: How Attackers Stole $44M Without Touching User Funds — CoinTelegraph","type":"news","url":"https://cointelegraph.com/explained/how-hackers-stole-44m-from-coindcx-without-touching-user-wallets"},{"credibility":2,"name":"Explained: The CoinDCX Hack July 2025 — Halborn","type":"news","url":"https://www.halborn.com/blog/post/explained-the-coindcx-hack-july-2025"},{"credibility":2,"name":"Cyvers Alerts on X: $44.2M hack detection and Tornado Cash funding","type":"onchain","url":"https://x.com/CyversAlerts/status/1946625586597888163"},{"credibility":2,"name":"CoinDCX Hack Traced to Lazarus Group — CryptoRank","type":"news","url":"https://cryptorank.io/news/feed/b83cb-north-korean-lazarus-group-linked-to-44-2-million-coin-dcx-crypto-heist"},{"credibility":2,"name":"$44M CoinDCX Hack: Hacker Received Tornado Cash ETH — CCN","type":"news","url":"https://www.ccn.com/news/crypto/44m-coindcx-hack-hacker-received-tornado-cash-eth/"},{"credibility":2,"name":"CoinDCX Hack: Hack Track Inside the Exploit — Merkle Science","type":"onchain","url":"https://www.merklescience.com/blog/hack-track-inside-the-coindcx-exploit"}]},{"content":"Subsequent investigation revealed the hack was executed via a social engineering attack targeting a CoinDCX software engineer. According to Decrypt and CoinTelegraph reporting, hackers posing as recruiters lured employee Rahul Agarwal, 30, a software engineer from Jharkhand, with fake freelance opportunities including online review writing. Agarwal initially used his personal laptop, then at the attackers' request switched to his office system, on which malware was installed. By early 2024, Agarwal had reportedly earned approximately $18,000 (roughly 1.5 million rupees) through these fraudulent engagements, unknowingly enabling the attackers to gain access to wallet credentials. The theft itself occurred on July 19, 2025: a test transfer of 1 USDT was executed at 2:37 AM, followed by the full $44 million drain at 9:40 AM. Agarwal was arrested on July 26, 2025 by Bengaluru's Whitefield Police. He denied knowing his device had been compromised and stated he was unaware of any scheme until confronted during CoinDCX's internal inquiry. Stolen funds were distributed across six separate digital wallets. Law enforcement noted that the borderless nature of crypto complicated the money trail compared to conventional bank transfers.","heading":"Attack Vector — Social Engineering and Employee Compromise","severity":"high","sources":[{"credibility":1,"name":"CoinDCX Employee Arrested Over $44M Exchange Hack — Decrypt","type":"news","url":"https://decrypt.co/332903/coindcx-employee-arrested-over-44m-exchange-hack"},{"credibility":1,"name":"Hackers used fake job offer to target CoinDCX employee — The Block","type":"news","url":"https://www.theblock.co/post/364993/coindcx-employee-arrested-police-crypto-theft"},{"credibility":2,"name":"CoinDCX Employee Arrested in $44M Crypto Hack — CoinGape","type":"news","url":"https://coingape.com/coindcx-employee-arrested-in-44m-crypto-hack-denies-involvement/"}]},{"content":"In March 2026, CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal were arrested by Thane Police in connection with a case involving alleged fraud of approximately 71.6 lakh rupees (roughly $85,000 USD). The First Information Report (FIR), registered on March 16, 2026, was filed by a 42-year-old insurance consultant from Mumbra who alleged he was defrauded between August 2025 and February 2026 by individuals who promised high investment returns and franchise rights under the CoinDCX brand. The co-founders were detained in Bengaluru and produced before a magistrate's court, which remanded them to custody until March 23, 2026. A court in Thane subsequently granted bail to both founders on surety of 50,000 rupees each, with the magistrate finding 'no case made out against them.' CoinDCX publicly rejected the allegations, stating the fraud was carried out by impersonators through a copycat website using the domain coindcx.pro, which it said has no connection to the official exchange. The complainant later filed an affidavit stating he had recovered the full amount from another accused individual and no longer had any grievance against the CoinDCX founders. CoinDCX reported that between April 1, 2024, and January 5, 2026, it had identified more than 1,212 fake websites impersonating coindcx.com. Following the founders' arrests, CoinDCX announced a 100 crore rupee 'Digital Suraksha Network' initiative aimed at combating impersonation fraud.","heading":"Co-Founder Arrests and Fraud Allegations — March 2026","severity":"high","sources":[{"credibility":1,"name":"CoinDCX co-founders arrested, deny wrongdoing, blame impersonation — The Block","type":"news","url":"https://www.theblock.co/post/394589/coindcx-co-founders-arrested-by-indian-police-for-alleged-fraud-deny-wrongdoing-blame-impersonation-scheme-reports"},{"credibility":2,"name":"CoinDCX co-founders arrested in Rs 71.6 lakh crypto fraud case — MediaNama","type":"news","url":"https://www.medianama.com/2026/03/223-coindcx-co-founders-arrested-fraud-firm-conspiracy/"},{"credibility":2,"name":"Court grants bail to CoinDCX co-founders — BusinessToday","type":"news","url":"https://www.businesstoday.in/latest/corporate/story/no-case-made-out-against-them-court-grants-bail-to-coindcx-co-founders-in-alleged-fraud-case-522181-2026-03-24"},{"credibility":2,"name":"CoinDCX Rebukes Fraud Allegations, Points to Impersonation Scam — Yahoo Finance","type":"news","url":"https://finance.yahoo.com/markets/crypto/articles/coindcx-rebukes-fraud-allegations-points-055638716.html"},{"credibility":2,"name":"CoinDCX Launches Rs 100 Cr Digital Suraksha Network After Founders Arrest — CryptoTimes","type":"news","url":"https://www.cryptotimes.io/2026/03/30/coindcx-launches-rs-100-cr-digital-suraksha-network-after-founders-arrest/"}]},{"content":"In July 2025, WazirX — India's other major exchange, itself undergoing Singapore High Court restructuring proceedings following its own $230 million hack in 2024 — filed an affidavit alleging that CoinDCX held user funds in a Lithuania-based entity that was not registered with India's FIU until February 2025. CoinDCX CEO Sumit Gupta publicly denied the allegations, stating that no business was ever conducted in Lithuania and that no user funds were ever moved to or held by any Lithuania-based entity. Gupta asserted that all India-based user INR and crypto funds have always been held by Neblio Technologies, CoinDCX's FIU-IND registered entity. CoinDCX updated its Terms of Use in February 2025 to formally designate Neblio Technologies as the contracting party. These allegations arose in the context of WazirX's contested restructuring, and CoinDCX characterized them as made in bad faith. No independent verification of either party's claims regarding Lithuania has been reported as of the investigation date.","heading":"WazirX Allegations Regarding User Fund Handling","severity":"medium","sources":[{"credibility":1,"name":"CoinDCX Denies Moving User Funds After WazirX Allegations — CoinDesk","type":"news","url":"https://www.coindesk.com/policy/2025/07/12/indian-crypto-exchange-coindcx-denies-moving-user-funds-after-wazirx-allegations"},{"credibility":2,"name":"CoinDCX Refutes WazirX: User Crypto Never Moved Abroad — Bitcoinist","type":"news","url":"https://bitcoinist.com/coindcx-ceo-wazirx-allegations-user-crypto-moved/"},{"credibility":2,"name":"CoinDCX Denies WazirX Allegations Over Lithuania Entity — TokenPost","type":"news","url":"https://www.tokenpost.com/news/regulation/16294"}]},{"content":"CoinDCX has faced user backlash over reported crypto withdrawal restrictions. Multiple users reported having their withdrawals suspended or delayed, with some accounts restricted for over 20 days without resolution. CoinDCX co-founder Sumit Gupta explained publicly that relaxing withdrawal restrictions could expose the exchange to risk of regulatory bank account freezes, and described the withdrawal access rollout as an 'opt-in' process implemented in stages without providing firm timelines. CoinDCX's Trustpilot rating has been reported at approximately 2.2 out of 5, reflecting widespread negative user sentiment. Reports indicate that following the July 2025 hack disclosure, trading volumes dropped and users migrated assets to competing exchanges. The platform has also struggled with KYC verification delays, with some users reporting multi-week waits for crypto withdrawal authorization with no substantive support responses. CoinSwitch and CoinDCX both faced criticism after India's 1% TDS on crypto transactions came into effect, with the exchanges struggling to address the associated user service backlog.","heading":"User Withdrawal Restrictions and Customer Complaints","severity":"medium","sources":[{"credibility":2,"name":"CoinDCX Faces Backlash Over Crypto Withdrawal Restrictions — Analytics Insight","type":"news","url":"https://www.analyticsinsight.net/news/coindcx-faces-backlash-over-crypto-withdrawal-restrictions-users-frustrated"},{"credibility":2,"name":"CoinDCX Users Slam Exchange Over Withdrawal Restrictions — CoinPedia","type":"news","url":"https://coinpedia.org/news/coindcx-users-slam-exchange-over-withdrawal-restrictions-and-delayed-support/"},{"credibility":2,"name":"CoinSwitch, CoinDCX Struggle to Address User Issues as Crypto TDS Comes Into Effect — Inc42","type":"news","url":"https://inc42.com/features/coinswitch-coindcx-struggle-to-address-user-issues-as-crypto-tds-comes-into-effect/"}]},{"content":"CoinDCX is registered with India's Financial Intelligence Unit (FIU-IND) as a Reporting Entity and claims full compliance with Prevention of Money Laundering Act (PMLA) obligations, including KYC, record-keeping, and suspicious transaction reporting. The exchange operates under Neblio Technologies. India's regulatory framework for cryptocurrency does not have a single dedicated regulator; oversight is shared between the FIU, the Reserve Bank of India (RBI), and the Securities and Exchange Board of India (SEBI). CoinDCX engaged India's Computer Emergency Response Team (CERT-In) following the July 2025 hack and cooperated with police investigations into the employee compromise. As of the investigation date, no direct enforcement actions by the FIU, SEBI, or RBI against CoinDCX itself have been publicly reported, though the founders' brief arrest in March 2026 — later resolved in their favor — represents a notable regulatory and law enforcement interaction.","heading":"Regulatory Standing","severity":"low","sources":[{"credibility":1,"name":"CoinDCX FIU Registration — CoinDCX Blog","type":"official","url":"https://coindcx.com/blog/announcements/coindcx-is-now-fiu-registered/"},{"credibility":1,"name":"Crypto Legal Status in India 2026 — CoinDCX Blog","type":"official","url":"https://coindcx.com/blog/cryptocurrency/crypto-legal-status-in-india/"},{"credibility":1,"name":"CoinDCX confirms $44M hack, engaged CERT-In — TechCrunch","type":"news","url":"https://techcrunch.com/2025/07/21/indian-crypto-exchange-coindcx-confirms-44-million-stolen-during-hack/"}]},{"content":"Blockchain investigator ZachXBT was the first to publicly identify and report the $44.2 million theft from CoinDCX, alerting followers via his official Telegram channel approximately 17 hours after the breach occurred and before CoinDCX made any official disclosure. ZachXBT identified the attacker's Ethereum address, noted it was pre-funded with 1 ETH from Tornado Cash, and flagged the cross-chain fund movements from Solana to Ethereum. His Telegram flag is the basis for CoinDCX's inclusion in this investigation. CoinDCX's breach follows the WazirX hack of approximately $230 million in July 2024 — one year earlier — which was also linked to the Lazarus Group. Cybersecurity analysts have noted that both Indian exchange hacks share similar exploit patterns, and the FBI has attributed the WazirX hack to North Korean state actors. CoinDCX's response — covering losses from treasury without socializing them to users — has been favorably contrasted with WazirX's approach, which froze user withdrawals and proposed a contested recovery plan ultimately rejected by the Singapore High Court.","heading":"ZachXBT's Role and Broader Context","severity":"high","sources":[{"credibility":1,"name":"CoinDCX CEO confirms server breach for $44M exploit — The Block","type":"news","url":"https://www.theblock.co/post/363479/coindcx-ceo-blames-server-breach-for-44-million-exploit-indian-firm-will-cover-losses"},{"credibility":2,"name":"CoinDCX vs WazirX: Lessons from India Crypto Hacks — Crystal Intelligence","type":"news","url":"https://crystalintelligence.com/thought-leadership/coindcx-vs-wazirx-lessons/"},{"credibility":1,"name":"CoinDCX Hack News — CoinDesk","type":"news","url":"https://www.coindesk.com/web3/2025/07/19/indian-crypto-exchange-coindcx-suffers-44m-hack"}]}],"sources_used":[],"summary":"CoinDCX is one of India's largest cryptocurrency exchanges, founded in 2018 and valued at $2.45 billion following Coinbase investment. In July 2025, the exchange suffered a $44.2 million security breach attributed by cybersecurity firm Cyvers to North Korea's Lazarus Group, which was first publicly identified by blockchain investigator ZachXBT before official disclosure. While customer funds were not directly affected and the exchange covered losses from treasury, the incident compounded existing concerns including co-founder arrests over alleged fraud in March 2026 and ongoing user withdrawal complaints.","timeline":[{"date":"2018-01","event":"CoinDCX founded by Sumit Gupta and Neeraj Khandelwal in Mumbai, India.","source":"The Brand Hopper","source_url":"https://thebrandhopper.com/2023/02/22/coindcx-history-business-model-growth-revenue-funding-and-future-of-coindcx/"},{"date":"2021-08","event":"CoinDCX raises $90 million Series C, becomes India's first crypto unicorn at $1.1 billion valuation.","source":"Fintech Futures","source_url":"https://www.fintechfutures.com/blockchain-crypto-digital-assets/coindcx-lands-90m-series-c-funding-to-become-india-s-first-crypto-unicorn"},{"date":"2023-10","event":"Coinbase makes fresh investment in CoinDCX at $2.45 billion valuation.","source":"Blockworks","source_url":"https://blockworks.co/news/coinbase-invests-coindcx"},{"date":"2024-07","event":"WazirX hack ($230M, Lazarus Group attributed) raises industry-wide concerns about Indian exchange security; CoinDCX begins receiving scrutiny in comparison.","source":"Crystal Intelligence","source_url":"https://crystalintelligence.com/thought-leadership/coindcx-vs-wazirx-lessons/"},{"date":"2025-02","event":"CoinDCX updates Terms of Use to formally designate Neblio Technologies as contracting party, amid WazirX allegations about Lithuania entity.","source":"TokenPost","source_url":"https://www.tokenpost.com/news/regulation/16294"},{"date":"2025-07-12","event":"WazirX files affidavit in Singapore High Court alleging CoinDCX held user funds in Lithuania-based unregistered entity; CoinDCX denies.","source":"CoinDesk","source_url":"https://www.coindesk.com/policy/2025/07/12/indian-crypto-exchange-coindcx-denies-moving-user-funds-after-wazirx-allegations"},{"date":"2025-07-19","event":"CoinDCX suffers $44.2M hack. Attacker funded with 1 ETH from Tornado Cash drains Solana operational wallet in approximately five minutes (2:37 AM test transfer, 9:40 AM full drain). Funds moved to six wallets, then bridged to Ethereum.","source":"Decrypt / The Block","source_url":"https://decrypt.co/332903/coindcx-employee-arrested-over-44m-exchange-hack"},{"date":"2025-07-21","event":"ZachXBT publicly identifies the $44.2M theft via Telegram, approximately 17 hours after the breach, before official CoinDCX disclosure. CEO Sumit Gupta subsequently confirms the breach publicly.","source":"TechCrunch","source_url":"https://techcrunch.com/2025/07/21/indian-crypto-exchange-coindcx-confirms-44-million-stolen-during-hack/"},{"date":"2025-07-22","event":"CoinDCX files police complaint regarding the hack.","source":"Decrypt","source_url":"https://decrypt.co/332903/coindcx-employee-arrested-over-44m-exchange-hack"},{"date":"2025-07-23","event":"CoinDCX launches recovery bounty program offering 25% (up to $11M) of recovered funds to anyone assisting in asset tracing.","source":"SumSub / CoinTelegraph","source_url":"https://sumsub.com/media/news/coindcx-reports-hack-and-launches-largest-recovery-bounty/"},{"date":"2025-07-26","event":"CoinDCX software engineer Rahul Agarwal, 30, arrested by Bengaluru Whitefield Police in connection with the hack. Agarwal denies knowingly participating, states he was deceived via fake freelance job offers.","source":"Decrypt","source_url":"https://decrypt.co/332903/coindcx-employee-arrested-over-44m-exchange-hack"},{"date":"2026-03-16","event":"FIR filed in Thane by 42-year-old insurance consultant alleging fraud of Rs 71.6 lakh via individuals impersonating CoinDCX founders.","source":"MediaNama","source_url":"https://www.medianama.com/2026/03/223-coindcx-co-founders-arrested-fraud-firm-conspiracy/"},{"date":"2026-03-22","event":"Thane Police arrest CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal alongside four others. Both deny wrongdoing and cite impersonator using domain coindcx.pro.","source":"The Block","source_url":"https://www.theblock.co/post/394589/coindcx-co-founders-arrested-by-indian-police-for-alleged-fraud-deny-wrongdoing-blame-impersonation-scheme-reports"},{"date":"2026-03-24","event":"Magistrate grants bail to CoinDCX co-founders, finding 'no case made out against them.' Complainant subsequently affirms he recovered full amount from another accused and has no further grievance against the founders.","source":"BusinessToday","source_url":"https://www.businesstoday.in/latest/corporate/story/no-case-made-out-against-them-court-grants-bail-to-coindcx-co-founders-in-alleged-fraud-case-522181-2026-03-24"},{"date":"2026-03-30","event":"CoinDCX launches Rs 100 crore 'Digital Suraksha Network' initiative to combat impersonation fraud.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/03/30/coindcx-launches-rs-100-cr-digital-suraksha-network-after-founders-arrest/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 435c8cb0-8568-4285-a5d0-6016ab967644copy