CoinDCX, the India-based crypto exchange backed by Coinbase, is again under scrutiny after a report said its founders were questioned in a fraud-linked probe, adding to a period of heightened legal and security pressure around the platform. The case matters beyond one company: it highlights how Indian investigators are examining whether exchange brands, internal controls, and third-party misuse intersect in crypto-related fraud complaints.
Publicly available reporting does not show that CoinDCX founders Sumit Gupta and Neeraj Khandelwal have been charged in the matter described by the headline. What is documented is a pattern of law-enforcement scrutiny around fraud complaints using the CoinDCX name, alongside separate criminal investigations tied to cybercrime and a major 2025 security breach at the exchange. That distinction is important for readers, investors, and users trying to separate allegations, questioning, and formal charges.
⚠️
No public record reviewed for this article shows a criminal charge against CoinDCX’s founders.
Available reporting points to questioning or investigation activity in fraud-linked matters, while CoinDCX has repeatedly said some complaints involved impersonation, fake domains, or third-party misuse of its brand and accounts. Source review completed March 22, 2026.
Verified CoinDCX Case Markers
| Event | Reported figure | Source | Time reference |
|---|---|---|---|
| CoinDCX security breach | $44 million / about Rs 384 crore | Indian Express, CoinDesk, CoinDCX | July 19, 2025 |
| Engineer arrest in heist probe | 1 employee arrested | CoinDesk, Moneycontrol, Indian Express | July-August 2025 |
| Fake-site complaints using CoinDCX name | More than 100 fake profiles, per company | CoinDCX, Indian Express | January 2024 reporting / September 2023 warning |
| ED attachment in cyber-fraud probe | Rs 8.46 crore across 92 accounts | Inc42, The Head and Tale | November-December 2025 reporting |
Source: CoinDesk, Indian Express, Moneycontrol, CoinDCX statements | Reviewed March 22, 2026
July 19, 2025 breach set the backdrop for tougher scrutiny
The most concrete recent legal and operational pressure on CoinDCX came from the exchange’s July 19, 2025 security incident. CoinDCX said in a later public update that the threat was contained and customer funds were safe, while Indian Express reported that Neblio Technologies, the company operating CoinDCX, told police that crypto worth about $44 million, or roughly Rs 384 crore, was transferred from a company wallet to six accounts. CoinDesk separately reported the theft at 3.79 billion rupees, or about $43.4 million, when covering the subsequent arrest of a software engineer.
That episode matters because it established a recent record of police engagement with CoinDCX’s internal systems, employee access, and wallet controls. Indian Express reported that investigators believed malware had been installed on an employee laptop, while Moneycontrol said the company’s internal probe found compromised credentials on the office laptop of the arrested engineer. CoinDCX co-founder Neeraj Khandelwal also discussed a recovery bounty after the incident, underscoring that the company treated the breach as a major criminal event rather than a routine operational issue.
CoinDCX Fraud and Security Timeline
September 28, 2023: CoinDCX publishes a warning about Telegram impostors and phishing schemes, saying fake accounts were impersonating co-founders Sumit Gupta and Neeraj Khandelwal.
January 2024 reporting: Indian Express reports FIR-linked complaints involving fake websites and URLs masquerading as CoinDCX; the company says the case is unrelated to its official app or website.
July 19, 2025: CoinDCX suffers a security incident involving about $44 million in crypto, according to company and media reporting.
July-August 2025: Police arrest a CoinDCX engineer as part of the heist investigation, according to CoinDesk, Indian Express, and Moneycontrol.
November-December 2025: Reports say the Enforcement Directorate attached Rs 8.46 crore across 92 bank and crypto accounts in a cyber-fraud probe that included CoinDCX-linked accounts.
What is driving fraud complaints tied to the CoinDCX name?
One recurring theme in the public record is impersonation. In September 2023, CoinDCX warned users about Telegram impostors and phishing schemes, stating that neither its co-founders nor employees would ask for deposits, OTPs, or direct transfers. The company named fake accounts impersonating Sumit Gupta and Neeraj Khandelwal as part of that warning.
That warning aligned with Indian Express reporting published in January 2024. The newspaper said Delhi Police had registered an FIR after complaints involving a cryptocurrency investment platform named CoinDCX, but the company responded that the specific incident involved fraudulent websites and URLs masquerading as the exchange. CoinDCX said the case was not related to its official app or website and added that more than 100 fake profiles had been created using its name.
For readers, the key distinction is that a fraud complaint can mention a platform brand without proving the platform itself operated the scam. In crypto, that gap is significant because fake domains, cloned apps, Telegram groups, and OTC-style payment channels often mimic legitimate exchanges. CoinDCX’s own support materials still direct users to report unauthorized use of the brand through official channels, indicating the company continues to treat impersonation as an active risk.
Questioning vs Charges in the CoinDCX Story
| Status | What public reporting supports | What is not established in reviewed sources |
|---|---|---|
| Founders questioned | Possible in report-driven coverage of fraud-linked inquiry | Formal guilt or criminal liability |
| Fraud complaints using CoinDCX name | Yes, including fake-site and impersonation cases | That all such cases originated from CoinDCX systems |
| Police probe into CoinDCX-linked events | Yes, including 2025 heist investigation | Public proof of founder indictment in reviewed material |
| Regulatory attention to CoinDCX-linked accounts | Yes, in ED-linked reporting on cyber-fraud money trails | Public finding that CoinDCX itself ran the fraud scheme |
Source: Indian Express, CoinDesk, CoinDCX, Inc42, The Head and Tale | Reviewed March 22, 2026
Rs 8.46 crore attachment shows how probes now follow money trails
Separately from the fake-site complaints and the 2025 exchange breach, Indian media reports in late 2025 said the Enforcement Directorate attached Rs 8.46 crore across 92 bank and crypto accounts in a cyber-fraud investigation. Those reports said CoinDCX-linked accounts were among the accounts examined as investigators traced how scam proceeds were converted into USDT through peer-to-peer channels and other crypto rails.
This is a different type of pressure than a direct hack or a consumer complaint. It reflects a broader enforcement pattern in India: agencies are not only looking at who launched a scheme, but also at where funds moved, which exchange accounts were used, and whether KYC and transaction monitoring were sufficient. CoinDCX has previously emphasized its FIU registration and compliance posture under India’s anti-money-laundering framework, which is relevant because investigators increasingly judge exchanges on their ability to detect suspicious flows, not just on whether they were the original source of fraud.
ℹ️
The central issue is not only whether a scam used the CoinDCX brand, but whether exchange-linked accounts or controls appear in the money trail.
That is why separate events—fake websites, phishing, wallet theft, and account misuse—can all feed into broader law-enforcement scrutiny. Sources reviewed March 22, 2026.
What March 2026 readers should watch in this case
The next meaningful developments are likely to be procedural, not promotional. Readers should watch for any FIR details naming individuals, any court filings, any formal police statement clarifying whether founders were witnesses or suspects, and any company disclosure addressing the scope of questioning. As of March 22, 2026, the reviewed public sources support scrutiny and questioning in fraud-linked contexts, but they do not establish a public criminal charge against CoinDCX’s founders.
That nuance matters for U.S. readers because “Coinbase-backed” signals venture backing, not operational control. Coinbase’s investment history may shape attention on the story, but the available reporting centers on Indian law enforcement, CoinDCX’s own operating entity Neblio Technologies, and local fraud or cybercrime investigations. The legal and reputational consequences will depend on what investigators can prove about platform controls, account misuse, and the founders’ knowledge or role, if any.
Frequently Asked Questions
Were CoinDCX’s founders charged with fraud?
Based on the public sources reviewed on March 22, 2026, no reviewed report establishes that CoinDCX co-founders Sumit Gupta or Neeraj Khandelwal were formally charged in the fraud-linked matters discussed here. Reporting supports questioning or investigation activity, which is not the same as a criminal charge.
What is the biggest confirmed recent case involving CoinDCX?
The clearest confirmed recent case is the July 19, 2025 security breach. CoinDCX and multiple media outlets reported losses of about $44 million, or roughly Rs 384 crore to 3.79 billion rupees, followed by a police investigation and an employee arrest.
Did scammers use fake CoinDCX websites or social accounts?
Yes. CoinDCX warned in September 2023 about Telegram impostors impersonating its founders, and Indian Express reported in January 2024 that the company said certain fraud complaints involved fake websites or URLs masquerading as CoinDCX. The company also said more than 100 fake profiles had used its name.
Why are enforcement agencies interested in CoinDCX-linked accounts?
Late-2025 reporting said the Enforcement Directorate attached Rs 8.46 crore across 92 accounts in a cyber-fraud probe and that CoinDCX-linked accounts appeared in the money trail. That does not by itself prove exchange wrongdoing, but it shows investigators are tracing how scam proceeds move through crypto platforms.
What should users verify before trusting a CoinDCX-related message or website?
Users should verify the exact domain, avoid Telegram or social-media direct messages asking for deposits or OTPs, and report unauthorized brand use through official support channels. CoinDCX’s own warnings say its founders and employees will not ask users for direct fund transfers or OTPs.
Disclaimer: This article is for informational purposes only. Information may have changed since publication. Always verify information independently and consult qualified professionals for specific advice.
