CoinDCX Puts $11M Bounty on Hackers After $44M Crypto Heist—Can They Recover the Funds?

Crypto exchange CoinDCX is fighting back after a $44 million breach—by offering white hats a $11 million reward to track down the culprits.

The Hack: Anatomy of a $44M Drain

Attackers exploited vulnerabilities (details still under wraps), making off with digital assets worth eight figures. No user funds were compromised—but the exchange’s coffers took a massive hit.

Bounty Hunting 101: $11M for Answers

CoinDCX’s bounty program targets ethical hackers who can trace the stolen crypto or identify weaknesses. A bold move, but skeptics note it’s cheaper than hiring top-tier cybersecurity—or admitting regulatory oversight gaps.

The Irony: Decentralization’s Achilles’ Heel

Another centralized exchange hack, another ‘lesson learned’ press release. Meanwhile, DeFi maximalists smirk and adjust their yield farms.

Will the bounty work? Or is this just PR damage control? Either way, the hackers just got a $44M reason to disappear.

TLDR

• CoinDCX suffered a $44 million hack targeting internal liquidity accounts while user funds remained safe
• The Indian exchange is offering up to 25% bounty (approximately $11 million) to white hat hackers for fund recovery
• This marks India’s second-largest crypto exchange hack after WazirX’s $230 million breach in 2022
• CEO Sumit Gupta says the company absorbed losses through corporate treasury and operations continue normally
• The hack highlights ongoing security vulnerabilities at centralized exchanges despite improved protocols

Indian cryptocurrency exchange CoinDCX announced a $44 million security breach targeting its internal operational accounts on Friday. The exchange has responded by offering a recovery bounty of up to 25% of any funds retrieved by ethical hackers.

CoinDCX CEO Sumit Gupta confirmed that the exploit affected the company’s internal liquidity provision accounts. User funds remained completely unaffected during the incident.

“The exposure was from our own reserves, and we have already absorbed it through our corporate treasury,” Gupta stated in a Monday social media post. The platform continues operating normally with no disruption to customer services.

The breach represents the second-largest publicly disclosed hack of an Indian crypto platform. WazirX suffered a larger $230 million exploit in 2022 that affected customer funds directly.

Recovery Efforts and Investigation

CoinDCX has launched a WHITE hat hacker program offering up to $11 million in bounties for fund recovery. The program aims to trace and retrieve stolen assets while identifying the attackers.

“More than recovering the stolen funds, what is important for us is to identify and catch the attackers,” Gupta explained. He emphasized preventing similar incidents across the entire industry.

The exchange has not disclosed specific details about the attack method or compromised systems. No information was provided about whether external threat actors have been identified.

Security experts suggest the breach likely involved compromised credentials, weak access controls, or potential insider threats. These internal treasury exploits differ from attacks targeting user wallets or external infrastructure.

CoinDCX has not confirmed involvement of law enforcement agencies or blockchain forensics firms like Chainalysis or TRM Labs. The bounty program represents the primary recovery strategy currently being pursued.

Industry Context and Security Concerns

The hack occurs during a renewed wave of centralized exchange exploits globally. Michael Pearl from blockchain security firm Cyvers noted that over 65% of Web3 losses in Q2 2024 originated from centralized exchange incidents.

“These are not isolated events, they’re systemic weaknesses,” Pearl told reporters. He emphasized the need for exchanges to adopt preemptive security solutions including real-time wallet monitoring.

Nearly $500 million was lost due to wallet access breaches during the second quarter alone. Pearl suggested that offchain transaction validation could prevent 99% of crypto hacks by validating transactions before mainnet execution.

Other Indian platforms including BuyUcoin have experienced similar security incidents in recent years. The pattern highlights vulnerabilities in internal controls at domestic exchanges.

Regulatory Environment

The breach is unlikely to trigger regulatory action since customer funds were not compromised and CoinDCX self-reported the incident. However, it may renew calls for improved operational security standards across Indian exchanges.

India’s crypto regulations remain under development with exchanges operating under Reserve Bank of India banking constraints. Security standards are not formally codified despite growing transaction volumes.

The incident comes as Indian crypto adoption increases despite a 1% tax deduction at source regime and unclear regulatory framework. Industry bodies have called for standardized cyber risk frameworks to address security gaps.

CoinDCX has committed to safeguarding user funds through insurance and wallet segregation protocols. Internal operational risks remain a critical vulnerability area requiring enhanced monitoring and controls.