WazirX is India’s most widely used centralized cryptocurrency exchange, with over 16 million registered users as of 2025. It supports 300 or more cryptocurrencies across INR and USDT trading pairs, offers a P2P engine for fiat deposits and withdrawals, and uses BitGo as its institutional-grade custody provider. If you want to build a crypto exchange app like WazirX, you need to understand exactly how the platform was built, what it requires to operate legally in India, and what the actual costs look like.
This guide covers every part of that process: the core components of a centralized exchange, India-specific regulatory requirements, the technology stack, security architecture, business model, and realistic cost range. The information here is factual and complete.
Key Takeaways
- FIU Registration Is Mandatory: Any crypto exchange operating in India must register as a Reporting Entity with the Financial Intelligence Unit (FIU-IND) under the Prevention of Money Laundering Act. Operating without it is illegal.
- Company Incorporation Comes First: You must register a Private Limited Company under the Companies Act 2013 and obtain a GSTIN before launching any exchange operations in India.
- Five Core Technical Components: Every centralized crypto exchange requires a matching engine, wallet system, KYC and AML module, admin panel, and user-facing trading interface.
- P2P Engine for INR: WazirX processes INR deposits and withdrawals through a peer-to-peer matching engine. Any exchange targeting Indian users needs a reliable INR on-ramp via UPI, NEFT, IMPS, or P2P.
- Hot and Cold Wallet Architecture: The exchange must hold the majority of user funds in cold (offline) wallets, with only a small float in hot wallets for active withdrawals. WazirX uses BitGo for institutional custody.
- 30% Tax and 1% TDS: Indian crypto regulations require exchanges to deduct 1% TDS on every transaction. Profits from VDA trading are taxed at 30% with no deductions allowed except cost of acquisition.
- SEBI May Regulate Soon: From April 2025, SEBI oversees crypto tokens that resemble securities. A formal licensing regime similar to stock brokers may be introduced. Exchanges should monitor SEBI circulars actively.
- Cost Range: The total estimated initial investment to build and launch a centralized crypto exchange in India ranges from INR 1 crore to INR 3 crores or more, depending on feature scope and compliance depth.
- Security Is the Highest Priority: India’s crypto market has seen multiple exchange hacks. Multi-signature wallets, two-factor authentication, DDoS protection, and regular security audits are non-negotiable for any production exchange.
What Is a Centralized Crypto Exchange and How Does It Work?
A centralized cryptocurrency exchange (CEX) is a platform operated by a company that acts as an intermediary between buyers and sellers of digital assets. The exchange holds user funds in custodial wallets, matches buy and sell orders through its own matching engine, and settles trades internally rather than on-chain. Users do not control their private keys. The exchange controls all wallets on their behalf.
WazirX is a classic example of this model. Users deposit INR or crypto into their WazirX account. The exchange holds those funds in its custody system. When a user places a buy order, WazirX’s matching engine finds a corresponding sell order at the requested price and executes the trade within its own database. No blockchain transaction happens until a user withdraws their funds to an external wallet.
A detailed explanation of how this model works technically, including how order books function and how liquidity is managed, is covered in the full Centralized Exchange Guide, which is worth reviewing before making architectural decisions for a new platform.[1]
Legal Requirements to Launch a Crypto Exchange in India
India does not have a single comprehensive crypto law as of 2026, but crypto exchanges face clear mandatory obligations. Failing to meet any of them can result in penalties, platform blocking, or criminal liability for company directors.
Step 1: Incorporate a Legal Entity
The first step is registering a Private Limited Company under the Companies Act 2013 with the Ministry of Corporate Affairs. This is the standard structure for fintech startups in India. After incorporation, the company must obtain a GSTIN (Goods and Services Tax Identification Number) since crypto trading services attract GST obligations. Operating as an unregistered entity is not legally viable for an exchange that handles INR transactions with Indian users.
Step 2: Register with FIU-IND Under PMLA
Since March 7, 2023, all Virtual Digital Asset Service Providers (VDASPs) in India must register with the Financial Intelligence Unit of India (FIU-IND) as Reporting Entities under the Prevention of Money Laundering Act. This registration is mandatory and applies to every exchange, wallet provider, or platform that handles crypto assets for Indian users. Registration requires submitting compliance documentation through FIU-IND’s FINnet Gateway portal and appointing a qualified Principal Officer who will act as the primary compliance contact.[2]
Step 3: Implement KYC, AML, and Transaction Monitoring
After FIU registration, the exchange must implement a full Know Your Customer verification process for all users, including PAN and Aadhaar verification at account opening. The FATF Travel Rule applies: exchanges must collect and share sender and receiver details on crypto transfers. Suspicious Transaction Reports (STRs) must be filed with FIU-IND. Transaction records must be retained for a minimum of five years. Real-time monitoring systems must flag unusual activity automatically.
Step 4: Comply with VDA Tax Rules
Indian crypto regulations require exchanges to deduct 1% Tax Deducted at Source (TDS) on every crypto transaction under Section 194S of the Income Tax Act. Profits from Virtual Digital Asset (VDA) trading are taxed at a flat 30% with no deductions allowed except the cost of acquisition. The exchange is legally responsible for deducting and remitting this TDS on behalf of users. Failure to do so results in penalties for the exchange, not just the user.[3]
Watch for SEBI Regulations
From April 1, 2025, SEBI oversees crypto tokens that resemble securities, specifically those offering voting rights, dividends, or returns based on third-party efforts. Bitcoin and Ethereum are treated as digital commodities under the existing VDA framework. Many altcoins, particularly those launched via ICOs or STOs, now fall under SEBI scrutiny with stricter disclosure requirements. A formal licensing regime for crypto exchanges similar to stock brokers has been discussed but had not yet been formally enacted as of 2026. Exchanges should join the Bharat Web3 Association for early access to regulatory consultations.
Core Technical Components of a Crypto Exchange Like WazirX
Building a centralized crypto exchange requires several technical systems working together. Each one is essential. Removing or simplifying any of them creates either a poor user experience or a security vulnerability.
Matching Engine
The matching engine is the heart of the exchange. It receives buy and sell orders, finds matching counterparties, executes trades, and updates account balances in real time. WazirX’s matching engine must process thousands of orders per second during peak trading periods without errors or delays. Performance requirements for a production matching engine are extremely demanding. It must operate with sub-millisecond latency and be able to handle sudden spikes in volume during market volatility without degrading.
Wallet Infrastructure
The exchange needs a wallet system for every cryptocurrency it supports. This includes both hot wallets (online, for active withdrawals) and cold wallets (offline, for secure storage of the majority of user funds). WazirX uses BitGo for institutional-grade custody. For a new exchange, the wallet system must support automatic fund sweeping from hot to cold wallets, multi-signature transaction approval, and withdrawal address whitelisting. The ratio of funds in cold wallets should be at least 95% of total holdings for most exchanges.[4]
INR On-Ramp and P2P Engine
WazirX built its own auto-matching P2P engine specifically to handle INR deposits and withdrawals when Indian banks were restricted from dealing with crypto businesses. Even with that restriction lifted, P2P remains one of WazirX’s key features. For a new exchange targeting Indian users, INR integration is essential. Options include UPI integration through a payment gateway, NEFT and IMPS bank transfer support, and a P2P marketplace where users trade INR directly with each other. Each option requires arrangements with RBI-approved payment processors.
KYC and AML Module
This is not optional for any Indian exchange. The KYC module must verify PAN and Aadhaar at account opening, run sanctions screening, monitor ongoing transaction patterns, and automatically flag accounts that meet STR criteria. Third-party KYC providers such as IDFY, Signzy, or Onfido can be integrated rather than building this from scratch. The AML module must be connected to the matching engine so that flagged accounts can be suspended in real time without manual intervention.
Trading Interface and Mobile App
WazirX is available on Web, Android, iOS, Windows, and Mac. Its mobile app supports Hindi, Tamil, Telugu, and other Indian languages. For a new exchange, mobile-first design is essential given India’s smartphone-heavy user base. The trading interface must include real-time price charts (typically via TradingView integration), order book display, order placement forms for market and limit orders, portfolio summary, and transaction history. The interface must be fast and stable on 4G connections, which is what most Indian mobile users have.
Admin Panel and Reporting
The exchange operator needs an admin dashboard covering user management, KYC review queue, withdrawal approval workflows, fee management, trading pair configuration, and compliance reporting for FIU-IND submissions. The admin panel must also generate the TDS reports required under Section 194S for every transaction processed on the platform.[5]
Technology Stack for a Centralized Crypto Exchange
The technology choices made during development directly affect the exchange’s performance, security, and ability to scale. The full breakdown of what a technology stack for centralized exchange development looks like covers each layer in detail, but the key choices are summarized below.
| Component | Common Technology Choices |
|---|---|
| Matching Engine | C++, Go, or Rust for low-latency performance |
| Backend API | Node.js, Go, or Java with REST and WebSocket APIs |
| Database | PostgreSQL for trade records, Redis for real-time order book |
| Frontend | React.js or Next.js for web, React Native for mobile |
| Wallet Management | Custom node integration or BitGo / Fireblocks SDK |
| KYC / AML | IDFY, Signzy, Onfido API integration |
| Payment Gateway | RBI-approved processors for UPI and bank transfers |
| Infrastructure | AWS or GCP with auto-scaling, load balancing, Indian data centers |
| Charts | TradingView charting library |
How to Secure a Crypto Exchange App Like WazirX
Security is the highest priority for any centralized crypto exchange. India’s crypto market has seen multiple major incidents, the most significant being the WazirX hack in July 2024, where approximately $230 million was stolen from the exchange’s multi-signature wallet by a sophisticated attack. Understanding the security risks in crypto exchanges is essential before building one.
Hot and Cold Wallet Separation
The exchange must keep the vast majority of user funds (at least 95%) in cold wallets that are completely offline and not accessible over the internet. Only the float needed for active user withdrawals should be kept in hot wallets. Cold wallets should require physical access and multi-person authorization for any movement of funds. This is the single most important security control for preventing large-scale theft.
Multi-Signature Wallets
All significant fund movements must require signatures from multiple independent keys held by different people or systems. A 2-of-3 or 3-of-5 multi-sig structure is standard. The WazirX 2024 hack exploited a weakness in the multi-sig arrangement where one key holder’s device was compromised. The lesson is that multi-sig alone is insufficient if all signers use connected devices. At least one signing key should be held in a hardware security module (HSM) that is air-gapped from the internet.[6]
Two-Factor Authentication and Session Management
All user accounts must enforce two-factor authentication (2FA) using authenticator apps rather than SMS, which is susceptible to SIM swap attacks. Withdrawal addresses must go through a whitelist approval process with a mandatory time-lock period before new addresses become active. Active sessions should be tied to device fingerprints and IP addresses with automatic logout on suspicious changes.
DDoS Protection and Rate Limiting
Crypto exchanges are frequent targets of Distributed Denial of Service (DDoS) attacks, particularly during market volatility when disrupting the platform has the most impact on traders. Infrastructure must be placed behind a CDN with DDoS mitigation built in. API rate limiting must be enforced at the gateway level to prevent both DDoS attacks and automated market manipulation bots.
Regular Security Audits and Penetration Testing
The exchange codebase, infrastructure, and smart contract interactions (for any blockchain integrations) must undergo regular security audits by independent firms. Penetration testing should be conducted at least twice per year and after any major update to the matching engine, wallet system, or user-facing application. A bug bounty program that pays researchers for responsibly disclosing vulnerabilities is standard practice among credible exchanges. The full security risks in crypto exchanges checklist covers all controls that should be in place before any exchange goes live.
Business Model for a Crypto Exchange in India
A crypto exchange like WazirX generates revenue through several channels. Understanding the business model is essential before planning the exchange’s fee structure and features.
Trading Fees
WazirX charges a 0.2% maker and taker fee on spot trades. It also offers a zero-fee tier called WazirX ZERO for spot trading. Most exchanges earn the majority of their revenue from the spread between maker and taker fees on high-volume pairs. Fee revenue is directly proportional to trading volume, which is why attracting liquidity is the most important growth objective for a new exchange.
Listing Fees
Exchanges charge project teams a fee to list new tokens on the platform. This is a significant revenue stream as new projects compete for visibility on exchanges with large user bases. Listing fee structures vary widely depending on the exchange’s market position and the token’s market capitalization.
Withdrawal Fees
Exchanges typically charge a flat fee per withdrawal to cover on-chain transaction costs and operational overhead. These fees are small per transaction but add up at scale.
P2P and Premium Services
P2P transactions on WazirX carry zero trading fees for the exchange users, but the exchange benefits from the increased deposit and withdrawal activity that P2P facilitates. Premium features such as margin trading, futures, staking, and API access for algorithmic traders provide additional revenue streams that can be added after the core spot exchange is operational and compliant.
Cost to Build a Crypto Exchange Like WazirX in India
The total estimated initial investment to build and launch a centralized crypto exchange in India ranges from INR 1 crore to INR 3 crores or more. This range covers a feature set comparable to a functional but not full-featured version of WazirX. Here is what drives the cost at each stage.
| Cost Component | Estimated Range (INR) |
|---|---|
| Company registration and legal setup | INR 50,000 to INR 2,00,000 |
| FIU-IND registration and compliance advisory | INR 3,00,000 to INR 10,00,000 |
| Platform development (matching engine, wallet, UI, admin) | INR 50,00,000 to INR 2,00,00,000 |
| KYC and AML integration | INR 3,00,000 to INR 8,00,000 |
| Security audit and penetration testing | INR 5,00,000 to INR 20,00,000 |
| Cloud infrastructure setup (AWS or GCP) | INR 2,00,000 to INR 8,00,000 per year |
| Payment gateway integration and setup | INR 2,00,000 to INR 5,00,000 |
| Liquidity sourcing (initial market making) | Variable, based on trading pair depth targets |
Building this type of platform requires a team with specific expertise in exchange architecture, wallet systems, and Indian regulatory compliance. Working with a dedicated Cryptocurrency Exchange Development Company that has already built compliant exchange platforms in India reduces both development time and the risk of missing critical compliance requirements that are not obvious to teams building a crypto exchange for the first time.[7]
Build a Centralized Crypto Exchange Platform in India
Nadcab Labs develops centralized crypto exchange platforms with matching engine, wallet infrastructure, P2P INR engine, KYC and AML modules, TDS compliance systems, and FIU-IND-ready reporting built into the core architecture from day one.
Frequently Asked Questions
Yes, operating a crypto exchange is legal in India. There is no law banning it. However, the exchange must register as a Reporting Entity with FIU-IND under the Prevention of Money Laundering Act, deduct 1% TDS on transactions under Section 194S, register for GST, and incorporate a legal entity under the Companies Act 2013. Non-compliance with PMLA carries criminal penalties for company directors.
India does not issue a separate crypto exchange license as of 2026. The primary mandatory registration is with the Financial Intelligence Unit of India (FIU-IND) as a Reporting Entity under PMLA. The exchange must also be registered as a Private Limited Company, hold a GSTIN, and comply with VDA tax rules including TDS deduction. SEBI may introduce a formal licensing regime in the future.
The total estimated initial investment to build a centralized crypto exchange in India ranges from INR 1 crore to INR 3 crores or more. This includes platform development, legal setup, FIU registration, KYC integration, security audits, and cloud infrastructure. Ongoing compliance, liquidity provisioning, and operational costs add to this base investment. Actual cost depends on feature scope and team structure.
WazirX uses an auto-matching peer-to-peer (P2P) engine for INR deposits and withdrawals. Users who want to deposit INR are matched with sellers who want to convert their crypto holdings to INR. The exchange matches these counterparties automatically. WazirX also supports UPI, NetBanking, and IMPS for direct INR deposits. P2P transactions carry zero trading fees on WazirX.
A production crypto exchange must have cold wallet storage for at least 95% of user funds, multi-signature wallet authorization for all significant fund movements, hardware security modules for signing keys, two-factor authentication on all accounts, withdrawal address whitelisting with time-locks, DDoS protection, API rate limiting, regular independent security audits, and a penetration testing schedule. These are minimum requirements, not optional features.
In July 2024, WazirX lost approximately $230 million when attackers exploited a weakness in its multi-signature wallet arrangement. Specifically, the attack involved compromising a signing key holder’s device and manipulating the signing interface to approve unauthorized transactions. The exchange underwent court-approved restructuring and resumed trading on October 24, 2025. The incident highlighted the need for air-gapped hardware security modules for all signing keys.
Author
Naman Singh
Co-Founder & CEO, Nadcab Labs
Naman Singh is the Co-Founder and CEO of Nadcab Labs, where he drives the company’s vision, global growth, and strategic expansion in blockchain, fintech, and digital transformation. A serial entrepreneur, Naman brings deep hands-on experience in building, scaling, and commercializing technology-driven businesses. At Nadcab Labs, Naman works closely with enterprises, governments, and startups to design and implement secure, scalable, and business-ready Web3 and blockchain solutions. He specializes in transforming complex ideas into high-impact digital products aligned with real business objectives. Naman has led the development of end-to-end blockchain ecosystems, including token creation, smart contracts, DeFi and NFT platforms, payment infrastructures, and decentralized applications. His expertise extends to tokenomics design, regulatory alignment, compliance strategy, and go-to-market planning—helping projects become investor-ready and built for long-term sustainability. With a strong focus on real-world adoption, Naman believes in building blockchain solutions that deliver measurable value, solve practical problems, and unlock new growth opportunities for organizations worldwide.
