On July 19, 2025, crypto exchange CoinDCX suffered a serious cyberattack in which hackers drained approximately $44.2 million (₹ 378 crore) from an internal treasury wallet used for liquidity provisioning—not user funds
- The breach was first detected by blockchain researcher ZachXBT, finding that the stolen assets passed through Tornado Cash and Solana–Ethereum bridges
- CoinDCX confirmed no customer wallets were affected, with user funds held securely in segregated cold wallets
🧠 The Bounty: Up to $11M for Recovery Help
- In response to the hack, CoinDCX has launched India’s largest crypto recovery bounty—offering up to 25% of recovered funds, which could total around $11 million, to anyone who helps trace or retrieve the stolen assets.
- Most of the stolen funds have reportedly been traced to two public wallets, and CoinDCX is actively working to track and recover them
🧾 Response & Ongoing Measures
- The exchange has committed to covering the entire loss using its own treasury reserves, ensuring no losses to customers.
- CoinDCX temporarily suspended its Web3 mode, but ensured that centralized trading, INR deposits, and withdrawals remain fully operational.
- The company is collaborating with CERT-In, cybersecurity experts, and a partner exchange to block illicit transfers, identify the attackers, and strengthen systems.The Economic Times
- A bug bounty program is also being rolled out to crowdsourced vulnerability discovery and harden defenses
📊 Summary Table
| Topic | Details |
|---|---|
| Loss Size | |
| Customer Impact | None—user funds unaffected, held in cold wallets |
| Bounty Offer | 25% of recovered funds, potentially ~$11 million |
| Services Status | Centralized trading & INR withdrawals unaffected |
| Recovery & Security Actions | Working with CERT‑In, infosec firms, launching bug bounty |
🌐 Why This Matters
- First-of-its-kind bounty in India: CoinDCX sets a precedent by offering large-scale rewards for asset recovery in crypto
- Boosting credibility via accountability: By absorbing the loss entirely and ensuring no customer harm, CoinDCX aims to restore user trust
- Highlighting systemic risk: The incident comes just a year after WazirX lost over $230 million, echoing the need for stronger cybersecurity across exchanges
📌 Final Take
CoinDCX’s quick response—absorbing the loss, tracing stolen assets, and launching a generous recovery bounty—reflects a proactive approach to crisis management. While hackers drained $44 million, the exchange’s readiness to protect customers and involve the global security community underscores its commitment to stronger ecosystem resilience.
