CoinDCX Launches $11M Recovery Reward Program After $44.2M Treasury Hack
- What Happened in the CoinDCX Exploit?
- How Is CoinDCX Responding?
- Was User Money Affected?
- Security Lessons From the Attack
- Industry Reactions and Next Steps
- FAQ: CoinDCX Hack and Bounty Program
Indian crypto exchange CoinDCX has rolled out a 25% bounty program (up to $11M) to recover funds stolen from its corporate treasury in a July 19, 2025 exploit. While user funds remained safe, the breach involved cross-chain laundering via Tornado Cash and Ethereum wallets holding over 12,144 ETH ($46M). The exchange faces scrutiny over transparency delays but has partnered with security firms and blockchain foundations for recovery efforts.
What Happened in the CoinDCX Exploit?
On July 19, 2025, CoinDCX detected a $44.2M drain from its internal liquidity wallets. Blockchain sleuth ZachXBT traced the attack to ethereum address 0xEF0C5B9E0E9643937D75C229648158584A8CD8D2, which received 12,144 ETH (worth $46M at $3,818/ETH). The hacker initially funded the operation with 1 ETH via privacy tool Tornado Cash – a red flag for laundering stolen assets. Within hours, the attacker moved funds across Solana and Bitcoin networks using wallets like 6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n.
How Is CoinDCX Responding?
Co-founders Sumit Gupta and Neeraj Khandelwal announced afrom an $11M pool – the largest white-hat incentive in India’s crypto history. "Cybercrime attacks trust industry-wide," Khandelwal stated on X. Partners like solana Foundation and Wormhole are assisting, while security firms Sygnia and Zeroshadow conduct forensic analysis. Notably, the exchange took 17 hours to disclose the breach, during which ZachXBT’s Telegram channel exposed real-time fund movements.
Was User Money Affected?
CoinDCX insists only corporate treasury funds were compromised. "We’ve absorbed the loss internally," their press release clarified. However, critics point to marketing team members like Karande allegedly pressuring Discord communities to praise the exchange’s "transparency." Blockchain analytics show the hacker still holds all 12,144.63 ETH, with no token conversions attempted as of press time.
Security Lessons From the Attack
The exploit reveals critical gaps in exchange infrastructure. Despite CoinDCX’s claim that "wallet systems were never breached," the hacker exploited operational wallets used for partner liquidity provisioning. The exchange now plans to redesign its security architecture, though specifics remain undisclosed. As ZachXBT’s TRM Labs flowchart shows, cross-chain bridges enabled rapid fund obfuscation – a growing pain point in DeFi security.
Industry Reactions and Next Steps
Superteam and debridge have joined the recovery initiative, while Seal911 provides emergency response support. "This shouldn’t happen to anyone in our industry," Gupta emphasized. Meanwhile, traders on BTCC and other exchanges are monitoring ETH price volatility linked to the hack. CoinGlass data shows a 3% ETH dip post-announcement, though markets stabilized within 12 hours.
FAQ: CoinDCX Hack and Bounty Program
How much is CoinDCX offering for recovery help?
Up to $11M (25% of stolen funds) for information leading to asset recovery or hacker identification.
Were customer deposits stolen?
No – only corporate treasury funds were affected, per CoinDCX’s official statement.
What’s the hacker’s current Ethereum balance?
12,144.63 ETH ($46M) remains unmoved in wallet 0xEF0C5B9E0E9643937D75C229648158584A8CD8D2 as of July 22, 2025.
Why did CoinDCX delay disclosure?
Unclear – the 17-hour silence contrasts with blockchain investigators’ real-time alerts.
