CoinDCX hit by USD 44.2 mn security breach; founders say customer funds unaffected, safe
New Delhi, Jul 20 (PTI): Indian cryptocurrency exchange CoinDCX has suffered a security breach, resulting in theft of USD 44.2 million, or Rs 378 crore, even as the founders took to X to reassure that customer funds remained unaffected and safe, with the compromise limited to an internal operational account.
The total exposure is being absorbed entirely by CoinDCX, using the company's treasury reserves, the company said in a First Incident Report released on Sunday.
According to the report, on July 19, at 4 AM IST, CoinDCX security systems detected an incident involving unauthorised access to one of its accounts on the partner exchange, leading to a financial exposure of about USD 44 million.
The incident once again puts the spotlight on mounting security threats in the highly volatile world of cryptocurrencies. Last year, crypto exchange WazirX faced a hack in India, leading to the loss of more than USD 230 million, and marking one of the biggest such heists in India. The theft had prompted a thorough examination of safety measures and eroded sentiments.
CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal took to the social media platform X to address the situation, confirming that the attack was the result of a sophisticated server breach, targeting an internal wallet, not the ones holding customer assets.
The incident was first flagged by blockchain investigator ZachXBT, following which the exchange made the disclosure public.
"Today, one of our internal operational accounts -- used only for liquidity provisioning on a partner exchange -- was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won’t cause any loss to our customers. CoinDCX will be bearing the full amount," Gupta said.
"The total amount lost was USD 44Mn out of our treasury assets. Coindcx Treasury will be bearing these losses," Khandelwal wrote.
Following this, users rushed to check their balances, leading to a spike in withdrawal requests. The sudden surge in activity led to CoinDCX’s portfolio APIs, which display user balances and transaction histories, becoming jammed and unresponsive. For several hours, many were unable to even see their holdings on the app, adding fuel to rumours and anxiety online.
The co-founders later updated that Portfolio APIs have been restored.
Affected infrastructure has been completely isolated, and CoinDCX operations continue to run normally, the company said.
CERT-In, or the Indian Computer Emergency Response Team, has been informed about the incident. Detailed forensics with two globally reputed security agencies is being carried out, and reports will be shared for public benefit, it added.
"CoinDCX services remain fully operational. Trading activity, INR deposits and INR withdrawals continue. INR withdrawals below Rs 5 lakhs will reflect in your account within 5 hours, while withdrawals above Rs 5 lakhs will be processed within 72 hours. The incident was isolated and has no impact on your portfolio access or operations," the company stated.
Social media is flooded with mixed reactions. While some praised CoinDCX for absorbing the losses and protecting user funds, others criticised the delay in public disclosure and raised concerns over the broader security of crypto platforms in India.
"Coindcx silent for 17 hours? That's more suspense than a thriller! In crypto, transparency isn't optional; it's key. Stay open to keep trust alive!" a user wrote.
"Good to see CoinDCX acting responsibly, assuring user funds are safe, and not passing losses onto customers. Sets a positive precedent for Indian crypto exchanges," another said.
Let the Truth be known. If you read VB and like VB, please be a VB Supporter and Help us deliver the Truth to one and all.
Supreme Court declines fresh curbs on hate speech, says existing laws are enough
New Delhi: The Supreme Court of India on Wednesday refused to issue additional directions to curb hate speech across the country, holding that the existing legal framework is sufficient and that the real issue lies in implementation rather than absence of law.
A Bench comprising Justice Vikram Nath and Justice Sandeep Mehta said creation of criminal offences falls within the legislative domain and courts cannot legislate or compel Parliament and state legislatures to enact laws.
The Bench observed that constitutional courts can interpret the law and issue directions for enforcement of fundamental rights, but cannot step into the law-making role.
“At the highest, the court may draw attention to the need for reform. The decision whether and in what manner to legislate remains within the exclusive domain of Parliament and the state legislatures,” the court said.
The court held that the field of hate speech is not legally vacant and said concerns arise mainly from poor enforcement of existing provisions.
It also noted that the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023, provides a comprehensive mechanism to set criminal law in motion, meaning there is no legislative vacuum.
Referring to remedies already available under the earlier Code of Criminal Procedure (CrPC) and the BNSS, the court said police are duty-bound to register an FIR when a cognisable offence is disclosed, as laid down in the Lalita Kumari judgment.
It said if police fail to register an FIR, an aggrieved person can approach the Superintendent of Police under Section 154(3) of CrPC or Section 173(4) of BNSS, and thereafter move the magistrate under Section 156(3) CrPC or Section 175 BNSS, or file a private complaint under Section 200 CrPC or Section 223 BNSS.
The Bench further held that an order directing investigation under Section 156(3) CrPC does not amount to taking cognisance under Section 190 CrPC or the corresponding Section 210 of BNSS.
Even while declining fresh directions, the court acknowledged the seriousness of the issue.
It observed that hate speech and rumour-mongering directly affect fraternity, dignity and constitutional order.
The Bench urged legislative authorities to consider whether further policy or legal measures are needed in view of changing social challenges, including suggestions made in the 267th Report of the Law Commission in 2017.
The judgment came in a batch of petitions arising from events dating back to 2020, when multiple pleas were filed over alleged communal narratives spread through television channels and social media.
Among the earliest cases were challenges relating to content described as the “Corona Jihad” campaign and a programme aired by Sudarshan TV titled “UPSC Jihad”. During those proceedings, the court had restrained further telecast of the programme.
Later, more petitions were filed over speeches made at religious gatherings described as “Dharam Sansad” events.
These included pleas moved by journalist Qurban Ali and Major General S.G. Vombatkere seeking action against alleged hate speeches made at such forums.
During the pendency of the matter, the Supreme Court in 2023 had issued major directions asking all states and Union Territories to act proactively in cases involving communal hate speeches or remarks hurting religious sentiments.
It had directed police to register FIRs suo motu, without waiting for formal complaints.
Later, contempt petitions were also filed alleging poor implementation of those earlier directions.
