In a high-stakes response to a devastating security breach, Indian cryptocurrency exchange CoinDCX has launched a nationwide bounty hunt after a sophisticated hack resulted in losses of approximately $44 million (₹368–378 crore). The exploit hit an internal “operational” account, separate from user hot and cold wallets, and has prompted a recovery effort involving the best cybersecurity firms and major players in the ecosystem.
The Breach
On July 19, 2025, CoinDCX confirmed a breach of an internal account used for liquidity provisioning. In a press statement, CEO Sumit Gupta said the funds were siphoned off in a “sophisticated server breach,” with the exploit kicked off by about 1 ETH that came directly from Tornado Cash. A significant portion of the stolen tokens was routed from Solana to Ethereum via a bridge to conceal the trail.
CoinDCX assured users that there is no malicious activity affecting their assets, as they are stored in segregated wallets. The breach was contained very swiftly by isolating the compromised account, allowing the platform to continue running the service as usual.

Investigative Response
Given the urgency of the situation, CoinDCX hired some of the best firms from the space to track down the stolen funds:
- Sygnia and Seal911, renowned cybersecurity firms, attempted to map the transaction flow and potentially freeze assets.
- The Solana Foundation and Wormhole are assisting in cross-chain tracking and relaying alerts to their respective networks.
- Cyvers, a firm specializing in blockchain forensics, tracked $27.7 million on Solana and $15.8 million on Ethereum to two wallets. It further alleged that the tactics are reminiscent of North Korea’s Lazarus Group, which utilizes tools such as Tornado Cash and cross-chain bridges.
Security analysts note that the overall sophistication of the hack reflects techniques used in previous attacks attributed to Lazarus, highlighting vulnerabilities in centralized exchanges.
Person of Interest: The White-Hat Bounty
On July 21, CoinDCX established a Recovery Bounty Program—the largest of its kind in India—targeting white-hat hackers and blockchain explorers. Members of the program who help track and recover assets will receive up to 25% of the recovered value—meaning a possible payout of $11 million.

Sumit Gupta explained that, beyond just fund recovery, the interrogation of culprits will promote transparency and trust in the industry.
White-hats interested in helping may submit detailed leads to the exchange via the email addresses mentioned by CoinDCX.
Regulatory and Industry Implications
CERT-In, India’s cyber incident response team, is now formally investigating the breach.
The incident occurred after the July 2024 $230 million hack of rival exchange WazirX—the largest in terms of crypto losses in India to date.
Market analysts are urgently calling for strengthened cybersecurity measures, improved audit systems, and enhanced regulatory oversight of centralized cryptocurrency platforms.
Industry experts warn that centralized exchanges remain targets, with over $2.1 billion stolen from crypto services in the first half of 2025, signaling an urgent need for proactive, real-time security mechanisms.

Market Position and Response
CoinDCX has pledged that its treasury reserves will take the entire brunt of the loss, so that none of it impacts customers.
Setting out a roadmap for security enhancements, bug bounties, and forensic audits shows that efforts toward ensuring user safety are being taken into consideration.
With the exchange in the spotlight, this transparency, despite some criticism over the 17-hour delay in disclosure, is perceived by some as a welcome step toward better crisis management in crypto.
What Comes Next
- Recovery Efforts: The assets at stake are being traced and frozen through the bounty and partners worldwide. Contributors will be paid out upon recovery of funds.
- Security Revamp: CoinDCX will be working on a backend security overhaul to introduce real-time wallet monitoring and infrastructure resilience.
- Regulatory Push: This attack may trigger tighter cybersecurity requirements for exchanges within India, which may form the base of forthcoming crypto regulations.
This incident highlights a significant fact: centralized platforms, which offer substantial liquidity with ease, can pose serious security threats. CoinDCX’s active and transparent recovery approach, which involves white-hat bounties and corporate responsibility, may establish a new standard for crisis management.