BTC/USD $68,420 +2.8%
ETH/USD $3,540 +1.4%
SOL/USD $142.80 -0.6%
BNB/USD $605.20 +0.9%
XRP/USD $0.62 -1.2%
DOGE/USD $0.18 +5.4%
BTC/USD $68,420 +2.8%
ETH/USD $3,540 +1.4%
SOL/USD $142.80 -0.6%
BNB/USD $605.20 +0.9%
XRP/USD $0.62 -1.2%
DOGE/USD $0.18 +5.4%
Markets

Is It Safe to Keep Crypto on Indian Exchanges Like WazirX or CoinDCX?

BitcoinWorld Is It Safe to Keep Crypto on Indian Exchanges Like WazirX or CoinDCX? Keeping crypto on any Indian exchange carries some inherent risk – a truth both WazirX and CoinDCX users lea

AnonymousCryptoCompass newsroom
July 16, 2026
7 min read
NEWS
Hero article visual / chart / editorial image
CryptoCompass editorial visual for markets coverage.

BitcoinWorldIs It Safe to Keep Crypto on Indian Exchanges Like WazirX or CoinDCX?

Keeping crypto on any Indian exchange carries some inherent risk  –  a truth both WazirX and CoinDCX users learned firsthand in back-to-back years. WazirX lost roughly $230 million of user assets to a wallet hack in July 2024, and CoinDCX lost about $44 million from an internal operational wallet in July 2025  –  almost exactly a year apart. Both exchanges remain FIU-registered and operational in 2026, but the nature and impact of each breach were very different. This article breaks down what actually happened at each exchange, how exposed ordinary users were in each case, and what that means for anyone currently holding crypto on either platform. 

 

What Happened at WazirX, and Is the Risk Still Live?

The WazirX hack directly affected customer holdings, which is what makes it the more serious case for users evaluating current risk.

  • What happened: In July 2024, attackers manipulated a multisig wallet held under a third-party custody arrangement with Liminal, gaining control without needing WazirX’s own keys, and drained close to $235 million  –  nearly half the exchange’s reserves. The attack has been attributed to North Korea’s Lazarus Group.
  • Immediate impact: WazirX froze withdrawals and trading for more than a year while a Singapore court-supervised restructuring process played out.
  • Where things stand in 2026: WazirX restarted operations in October 2025, and eligible users received an initial distribution of roughly 85% of their pre-hack balances. The remaining 15% was converted into non-tradable “Recovery Tokens” issued in January 2026, whose value depends entirely on WazirX generating future profits to fund buybacks  –  a threshold the exchange has not publicly confirmed meeting each quarter.
  • What it means for current users: New deposits made on WazirX today are legally separate from the 2024 recovery pool and are fully liquid. However, the platform’s market share has fallen sharply, and some users continue to report calculation discrepancies and slower-than-expected resolution of the outstanding 15%.

 

What Happened at CoinDCX, and How Different Was the Impact?

The CoinDCX breach targeted company infrastructure, not customer wallets, which is the key distinction from the WazirX case.

  • What happened: In July 2025, attackers compromised an internal operational account used solely for liquidity provisioning on a partner exchange, siphoning around $44 million in USDC and USDT. The breach also carried hallmarks associated with North Korea-linked threat actors, per outside forensic analysis, though attribution was not officially confirmed.
  • Immediate impact: Because customer assets were held in segregated, offline cold wallets structurally separated from the compromised system, no user funds were touched. INR withdrawals continued throughout, and CoinDCX confirmed all pending withdrawal requests were processed within days.
  • How CoinDCX absorbed the loss: The exchange covered the full $44 million from its own treasury reserves rather than passing any cost to users, and launched a recovery bounty program offering up to 25% of any recovered funds to those who help trace the stolen assets.
  • What it means for current users: Unlike WazirX users, CoinDCX customers experienced no loss of access or funds  –  the incident was, from a user’s perspective, largely an operational and reputational event for the exchange rather than a direct financial one.

 

So  –  Is It Safe to Keep Crypto There Right Now?

Both exchanges are operational, FIU-registered, and actively used by millions of Indians in 2026, but the risk profile for existing balances differs.

  • On WazirX: Any new funds deposited after the October 2025 restart are not tied to the 2024 recovery process and are treated as fully liquid. Funds from before the hack, however, may still be partially represented by non-tradable Recovery Tokens rather than accessible balances  –  this isn’t a “safety” issue in the day-to-day sense, but it is an ongoing liquidity constraint worth understanding before assuming your full balance is available.
  • On CoinDCX: The 2025 incident did not compromise user funds, and the exchange’s segregated cold-storage architecture is the reason why. That said, no exchange can promise no future incident, and the same class of infrastructure attack could in theory target any platform’s operational systems again.
  • The broader industry context: 2025 was one of the worst years on record for centralized exchange breaches globally, with more than $2 billion stolen industry-wide in the first half of the year alone, and recovery rates across the industry remaining below 10%. Indian exchanges are not unusually unsafe by global standards  –  they are operating in the same high-threat environment as every other centralized platform worldwide.

 

What Should You Actually Do With Crypto Held on These Platforms?

Rather than asking “is the exchange safe” as a yes/no question, treat exchange custody as a risk to actively manage.

  • Don’t treat any exchange as long-term cold storage: Move significant holdings you don’t need for active trading to a personal hardware wallet under your own custody.
  • Track your WazirX Recovery Token status if applicable: If you held funds on WazirX at the time of the 2024 hack, check your allocation in the app’s Funds tab and stay aware that buybacks depend on the exchange’s quarterly performance, reviewed every three months.
  • Use CoinDCX’s proof-of-reserves and incident disclosures as a model of transparency: and apply the same scrutiny to any platform  –  check whether it publishes verifiable reserve data and how quickly it discloses incidents.
  • Keep 2FA on an authenticator app, use withdrawal whitelisting, and avoid leaving idle balances in margin or derivatives positions on either platform, since these are best practices regardless of which exchange you use.

 

Frequently Asked Questions

Did WazirX or CoinDCX users lose money permanently?

WazirX users experienced a direct and ongoing impact: roughly 15% of pre-hack balances remain locked in Recovery Tokens as of mid-2026, with final recovery uncertain and dependent on the exchange’s future profits. CoinDCX users experienced no direct financial loss  –  the $44 million stolen in 2025 came entirely from company reserves, and the exchange absorbed the cost itself.

Is it still risky to sign up for WazirX or CoinDCX today?

Both platforms are FIU-registered and legally operating in India in 2026. New funds deposited today are not entangled in either exchange’s past incident. As with any centralized exchange, ordinary security practices  –  2FA, withdrawal whitelisting, and not over-holding balances  –  remain the most effective way to manage personal risk.

Which exchange handled its security incident better?

Independent of platform preference, CoinDCX’s incident is generally regarded as better contained from a user-impact standpoint, since customer funds were fully protected by architecture that segregated them from the compromised system. WazirX’s incident directly affected user assets and has required a much longer, court-supervised recovery process that remains incomplete.

 

Conclusion: Two Hacks, Two Very Different Outcomes for Users

Keeping crypto on WazirX or CoinDCX in 2026 is not inherently unsafe, but the two exchanges’ 2024 and 2025 incidents illustrate exactly why architecture matters more than headlines. A hack that hits segregated company reserves, as at CoinDCX, can leave users completely unaffected. A hack that hits the wallet holding customer assets, as at WazirX, can lock up user funds for years. Whichever platform you use, the safest approach is the same: verify FIU registration, understand exactly where your funds are held, and don’t leave more on any exchange than you’re actively trading with.

This post Is It Safe to Keep Crypto on Indian Exchanges Like WazirX or CoinDCX? first appeared on BitcoinWorld.