Cryptocurrency and Cyber Attacks in India Related Issues

Reference

The use of cryptocurrency in India is growing rapidly but the sector is still largely unregulated. Recently, cyber attacks on two major Indian crypto exchanges ‘CoinDCX’ (July 19, 2025) and ‘WazirX’ (July 18, 2024) have raised concerns among investors.

What is cryptocurrency

• Definition: Cryptocurrency is a digital or virtual currency based on blockchain technology and secured by cryptography. For example Bitcoin, Ether and other tokens.
• Features
  • Decentralized: Not controlled by any central authority (eg- bank).
  • Transparent: Transactions are recorded on the blockchain.
  • Secure: Protected by cryptographic technology
  • Uses: Investments, payments and smart contracts
• Regulation in India:
  • Although cryptocurrencies are not completely unregulated in India, there is currently no comprehensive legal framework available.
  • Exchanges registered under the Financial Intelligence Unit (FIU) follow anti-money laundering (AML) and KYC regulations.
  • RBI allows banks to transact with crypto exchanges (2021) but crypto is not given legal tender status.
  • 30% tax and 1% TDS applicable on crypto transactions from March 2022.

Recent Cyber Attacks

• CoinDCX (July 2025)
  • On July 19, CoinDCX reported that one of its internal operational accounts was hacked.
  • This account was used for liquidity provisioning on a partner exchange.
  • Damage: $44 million (approximately ₹370 crores), CoinDCX claims to bear it from its reserves.
  • Impact: Customer wallets safe but complaints of withdrawal delays
  • Response: CERT-In informed, collaboration with blockchain forensics firms and launch of recovery bounty program
  • Controversy: Alleged 17 hours delay in informing users
• WazirX (July 2024)
  • Multi-signature wallet attacked by North Korean cybercriminals
  • Damage: $230 million (approximately ₹1900 crores), customer funds directly affected
  • Impact: Users' access to crypto blocked indefinitely
  • Response: Legal restructuring of crypto exchange in Singapore but first restructuring proposal rejected by Singapore High Court
  • Controversies: Delay in notifying users and ownership dispute with Binance

Message for crypto investors in India

• Self-custody: Experts recommend that investors use hardware cold wallets, which are offline and provide full control.
• Security measures: Use multi-factor authentication (MFA) and strong passwords
• Risk awareness: Remember the principle of ‘not your keys, not your crypto’ i.e. funds kept on the exchange are not completely in your control.
• Trustworthiness: Choose only FIU-registered exchanges and trusted hardware wallets
• Monitoring: Be cautious during times of surge in crypto prices as the risk of cyber attacks increases.

Challenges

• Lack of regulation: There is no comprehensive legal framework for cryptocurrencies in India, which limits government support in times of crisis.
• Cybersecurity: Vulnerabilities in hot wallets and third-party services, such as smart contract faults and credential theft.
• User trust: Delayed notifications and blocked access to funds eroded investor confidence.
• Global risks: North Korean hackers target global cybercriminal crypto exchanges.
• Technical limitations: Small exchanges lack advanced cybersecurity and blockchain forensics

Way forward

• Regulatory framework: Government should formulate clear laws for cryptocurrencies, including investor protection and cybersecurity standards.
• Cybersecurity: Exchanges should implement advanced security protocols.
• Transparency: Develop policies for immediate and clear communication in case of a hack
• Investor education: Conduct awareness campaigns on crypto risks and self-custody options
• International collaboration: Increase collaboration with CERT-In and global blockchain forensics firms
• Fund recovery: Strengthen recovery of stolen funds through bounty programs and blockchain tracking