CoinDCX offers 25% bounty to recover stolen crypto in $44-mn hac
CoinDCX, one of India’s largest cryptocurrency exchanges, recently confirmed a major security breach that resulted in the theft of around $44 million (₹368 crore). In a bold move to recover the lost funds, the company has launched India’s largest crypto bounty program, offering up to 25% of the retrieved amount as a reward.
This response not only shows transparency but also signals a shift in how Indian crypto firms handle cyberattacks.
What Exactly Happened?
On July 19, 2025, CoinDCX discovered unauthorized access to an internal operational account. This account was used to provide liquidity on the platform. Fortunately, customer funds were not affected. All user assets remain secure in segregated cold wallets, which were not part of the compromised infrastructure.
The affected funds came from CoinDCX’s own corporate treasury. This internal pool is used to ensure smooth trading operations and liquidity. Right after detecting the breach, the company halted key services, began an internal investigation, and reached out to cybersecurity experts and national authorities.
Where Did the Crypto Go?
Blockchain investigators quickly tracked the stolen assets. They found that:
- 155,830 SOL tokens (worth about $27.6 million) were moved to a Solana wallet.
- 4,443 ETH (worth roughly $15.7 million) landed in an Ethereum wallet.
Hackers moved the funds across Solana-Ethereum bridges, which help shift assets between blockchains. After that, they used Tornado Cash, a crypto-mixing tool that hides the transaction trail. This method made it harder to track the final destination of the funds.
Because of these steps, many cybersecurity experts believe the attackers may have used tactics similar to those of the Lazarus Group, a North Korean hacking collective known for targeting crypto exchanges.
A Bold Recovery Plan: The Bounty Program
To fight back, CoinDCX launched a Crypto Recovery Bounty. The exchange is inviting:
- White-hat hackers
- Blockchain researchers
- Cybercrime investigators
- Security firms and informants
Anyone who can help track or recover the stolen crypto—or identify the hackers—can earn up to 25% of the amount recovered. If the full $44 million is retrieved, that reward could reach $11 million.
This is the largest bounty ever announced in India’s crypto space. It reflects a growing trend where exchanges lean on the wider blockchain community during crises.
Mixed Reactions from the Industry
CoinDCX’s transparency has received praise. In an industry often criticized for lack of openness, the exchange’s quick disclosure and public call for help is rare. Many believe this move strengthens user trust at a time when confidence in crypto platforms is shaky.
However, some experts have raised concerns. They question how such a significant amount could be withdrawn without immediate detection. Others argue that stronger internal controls, like multi-signature wallets and real-time alerts, might have prevented the breach in the first place.
Despite these criticisms, the general response leans positive. CoinDCX appears determined to handle the crisis responsibly and to protect users and investors.
What Is CoinDCX Doing Now?
To rebuild its defenses and prevent future breaches, CoinDCX is taking several steps:
- Teaming up with global experts: The company is working with cybersecurity leaders such as Sygnia, zeroShadow, and Seal911 to investigate the incident and tighten security.
- Launching a separate bug bounty: Ethical hackers will soon be invited to find and report any other weaknesses in the platform.
- Improving wallet security: The company is updating how it stores and separates funds, especially between operational and user accounts.
- Cooperating with authorities: CoinDCX is actively working with CERT–In, India’s Computer Emergency Response Team, to support the investigation.
All core platform services—like crypto deposits, withdrawals, and trading—have already resumed. Web3 features that were paused during the breach are being restored in phases.
A Turning Point for Indian Crypto?
This attack comes at a crucial time for India’s digital asset ecosystem. With regulations still evolving, incidents like these could influence how lawmakers shape future rules. On the other hand, CoinDCX’s response could set a new standard for how Indian exchanges handle cyber threats.
The 25% bounty is especially significant. Not only does it encourage global participation in the investigation, but it also shows that Indian firms are willing to collaborate with the wider Web3 community during emergencies.
If the bounty program succeeds, other exchanges in India—and globally—may adopt similar strategies to recover stolen assets or even prevent thefts before they happen.
Final Thoughts
The $44 million CoinDCX breach is a wake-up call for the entire crypto sector. Even well-established platforms are vulnerable if internal security is not constantly updated. But the company’s reaction offers a silver lining.
By openly sharing the details, inviting help from the public, and committing to stronger safety measures, CoinDCX has taken ownership of the situation. Whether the stolen funds are recovered or not, the exchange has made one thing clear: user trust and platform security are now top priorities.
As the investigation continues, all eyes will remain on CoinDCX—not just to see if the bounty works, but to understand how the crypto world can respond better when trust is on the line.
