CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal have been arrested by Thane Police on criminal breach of trust charges, according to Cointelegraph and The Economic Times. The arrest escalates a case that began with police questioning just one day earlier, on March 21, 2026, over a First Information Report tied to an Rs 71 lakh (approximately $85,000) fraud.
The exchange, which counts Coinbase among its backers, maintains that the fraud was committed by impersonators who cloned its platform, not by the company itself.
From Questioning to Arrest in 24 Hours
On March 21, Gupta and Khandelwal were called to a Mumbra police station for questioning after a 42-year-old insurance consultant filed an FIR alleging he lost Rs 71.6 lakh through what he believed was CoinDCX's platform. Multiple outlets, including Inc42, CryptoTimes, and Entrackr, reported the founders were questioned and released.
One day later, the situation changed. The Economic Times reported that the pair were arrested by Thane Police on allegations of criminal breach of trust. Cointelegraph confirmed the arrest in a post on X, describing the charges as "criminal breach of trust."
Criminal breach of trust under India's Bharatiya Nyaya Sanhita (formerly IPC Section 405) carries a potential sentence of up to seven years in prison. The charge applies when someone entrusted with property or dominion over it misappropriates or converts it for personal use. It is a more serious allegation than simple cheating, and its application here suggests police believe the founders had some level of responsibility for the lost funds, whether through negligence or direct involvement.
It is worth noting that some outlets continue to describe the situation as questioning rather than arrest. The conflicting reports may reflect the speed at which the case is developing, or differences in how Indian law enforcement actions are characterized before formal charge sheets are filed.
The Case Rests on a $10 Domain
The fraud at the center of this case did not involve a protocol exploit, a smart contract bug, or a sophisticated attack on CoinDCX's infrastructure. It involved a clone website.
The complainant was lured into investing through coindcx.pro, a domain that copied the exchange's branding, user interface, and even the identities of its founders. The money went to third-party bank accounts unrelated to CoinDCX. According to Inc42, the victim did not contact the actual company before filing the police complaint.
CoinDCX says it has identified more than 1,212 websites impersonating its platform between April 2024 and January 2026. That is roughly two new fake CoinDCX sites every day for nearly two years.
"The FIR filed against our co-founders is false and filed as a conspiracy against CoinDCX by impersonators," the company stated on X. "Impersonators posed as founders to cheat the public."
Why This Matters Beyond One Fraud Case
The legal question here is whether exchange founders can be held criminally responsible when their brand is impersonated. If the FIR leads to formal charges and prosecution, it would create a precedent that could affect every crypto exchange operating in India.
India has an estimated 100 million crypto holders operating under a 30% flat tax on gains and a 1% TDS on transactions above Rs 10,000. The regulatory environment is already hostile. If exchange founders face arrest every time a scam uses their brand, the incentive to operate a licensed exchange in India drops significantly.
CoinDCX is not a fringe operation. It is one of India's largest crypto exchanges, backed by Coinbase Ventures, and has been actively cooperating with regulators. The company also survived a $44.2 million hack in July 2025, when social engineers tricked an employee into installing malware. CoinDCX absorbed that loss and launched India's largest crypto recovery bounty.
The pattern is becoming familiar across emerging crypto markets: exchanges invest in compliance and security, but the legal system targets them for crimes committed by third parties using their name.
Brand Spoofing Is a Structural Problem, Not a CoinDCX Problem
CoinDCX's 1,212 fake websites are not an outlier. Binance, Coinbase, and dozens of other exchanges have dealt with thousands of phishing domains. Google's Threat Analysis Group recently identified iOS malware specifically targeting crypto wallet and exchange apps, including Coinbase and MetaMask.
The cost of spinning up a convincing exchange clone is trivial: a $10 domain, a free SSL certificate, and a few hours of work copying a website's frontend. The cost of defending against it, legally and technically, runs into hundreds of thousands of dollars per year for major exchanges.
For users, the defense remains straightforward:
- Verify the URL. CoinDCX's legitimate domain is coindcx.com. Variations like coindcx.pro, coindcx.net, or coindcx-exchange.com are fraudulent.
- Ignore unsolicited investment pitches. Legitimate exchanges do not cold-call users with "high-return" offers.
- Use official app store downloads. Access exchanges through their verified iOS or Android apps, not through links in messages or emails.
Self-custody wallets like MetaMask or hardware solutions like Ledger eliminate exchange counterparty risk entirely, though they come with their own responsibility: lose your seed phrase, and no customer support line exists to recover your funds.
Market Context
Bitcoin traded at $68,617 and ETH at $2,080 as of March 22, 2026. The Fear and Greed Index sat at 27, firmly in fear territory. BTC is down 2.8% over 24 hours and 4.5% over seven days. The broader pullback has nothing to do with the CoinDCX case, but fearful markets tend to correlate with increased scam activity as anxious investors become easier targets for too-good-to-be-true pitches.
Overview
CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal have been arrested by Thane Police on criminal breach of trust charges, one day after being questioned over an Rs 71 lakh ($85,000) fraud committed through a clone website. CoinDCX denies involvement, blaming impersonators who built 1,212 fake versions of its platform. The arrest of founders at a Coinbase-backed exchange over a third-party phishing scam raises questions about legal liability for brand impersonation in India's crypto market. The case is ongoing.
