After a $44.2 million hack on CoinDCX, experts advise Indian crypto investors to prioritise self-custody, choose insured platforms, and adopt stringent personal security practices to safeguard digital assets.
CoinDCX Hack Sparks Urgent Call for Tighter Crypto Security Practices
A recent breach of CoinDCX, one of India’s leading cryptocurrency exchanges, has reignited concerns over digital asset security. The platform confirmed that $44.2 million (around ₹387 crore) was siphoned from one of its internal hot wallets, marking the second-largest crypto exchange hack in India’s history. Fortunately, customer wallets remained unaffected.
The incident follows the record-breaking $235 million theft from WazirX in 2024, underlining the growing risks faced by investors as India’s crypto user base expands rapidly.
‘Understand How Your Assets Are Stored,’ Say Experts
“Customers must assess their personal exposure. They must understand how their assets are stored, the risk controls that are in place, and whether the platform offers transparency on wallet management,” said Himanshu Maradiya, founder and chairman of CIFDAQ.
As more Indians flock to cryptocurrency trading, experts are urging them to be vigilant about platform security protocols and to better understand the inner workings of exchanges before trusting them with their funds.
Cold Wallets and Insurance: Essential Security Foundations
Ashish Singhal, co-founder of CoinSwitch, stressed the need for exchanges to maintain strict segregation of funds. “Customer funds should be completely separated from the company’s operational accounts using segregated wallets,” he advised.
To guard against cyberattacks, Vikram Subburaj, CEO and co-founder of Giottus, recommended that the bulk of assets be stored offline. “The cold wallet should ideally be managed by a renowned wallet service provider. It should also be insured so that losses incurred in the event of a hack are covered,” he said.
Subburaj added that penetration testing by ethical hackers and publishing regular proof of reserves (POR) are critical steps, though not sufficient on their own. “Only a regulator-approved audit can provide a full picture of an exchange’s solvency,” he warned.
Regulations, Certifications, and Red Flags
Certifications such as ISO 27001 indicate adherence to global data protection standards. Singhal also emphasised the importance of FIU registration. “It shows that the platform is operating under existing laws and following anti-money laundering norms,” he said.
Investors are advised to favour exchanges that publish frequent transparency reports and maintain a strict 1:1 asset ratio.
Self-Custody: A Safer Haven for Long-Term Crypto Holders
For long-term investors, self-custody remains the most secure option. “Storing with an exchange leads to centralisation. Once this happens, exchanges become the targets of hackers,” said Subburaj, who recommends transferring crypto to an exchange only when necessary for trading.
Frequent traders may still rely on exchanges, but only after verifying the platform’s security credentials. “Store your crypto holdings with an exchange if it can be trusted, and you have done your homework on its safety,” Singhal noted.
Personal Security: Two-Factor, Whitelists, and Hardware Wallets
Investors are urged to take proactive steps in securing their own accounts. “This should preferably be done via an app like Authy or Google Authenticator, and not via SMS,” said Maradiya, referring to two-factor authentication. For advanced users, hardware security keys such as YubiKey, along with cold wallets, are strongly recommended.
Withdrawal whitelists, login alerts, automatic logouts, and password managers further enhance protection. Maradiya added, “Hardware wallets significantly reduce the risk of exchange hacks, third-party failures, or phishing attacks.”
Offline storage of seed phrases, regular security audits, and software updates are also essential. Avoiding suspicious links and refraining from entering recovery phrases online are simple yet crucial habits.
As crypto adoption grows, the emphasis on security has never been greater. For Indian investors, the message is clear: trust must be earned—and verified.