• CoinDCX suffered a $44 million hack on July 19, affecting an internal liquidity account but not customer wallets.
  • The exchange launched a bounty program offering up to 25% of recovered funds, with potential rewards of up to $11 million.

India’s leading crypto exchange, CoinDCX, has confirmed a $44 million exploit targeting an internal liquidity provisioning account on July 19.

The exchange assured users that no customer funds were impacted, and that the loss will be absorbed from its treasury reserves.

CEO Sumit Gupta disclosed the breach shortly after on-chain analyst ZachXBT flagged suspicious activity.

The attacker is said to have initiated the exploit using 1 ETH from crypto mixer Tornado Cash, ultimately bridging over $15 million from Solana to Ethereum.

Blockchain security firm Cyvers reported that $27.7 million was initially traced to a Solana wallet, with $15.8 million bridged to Ethereum. Nearly all of the funds, $43.4 million, now appear to be consolidated in an Ethereum address.

$11 Million Bounty on the Table

In response, CoinDCX has announced a bounty program offering up to 25% of the recovered amount, potentially $11 million, for assistance in tracing and recovering the stolen assets.

The call targets ethical hackers, white-hat researchers, and blockchain analysts.

"Cybercrime is an attack on trust. And when one of us is targeted, all of us feel it," CoinDCX said in a statement.

CoinDCX is working with cybersecurity firms Sygnia, Seal911, and zeroShadow to trace the funds. The breach has also been reported to India’s Computer Emergency Response Team.

Experts have raised renewed concerns over centralised exchange vulnerabilities, drawing parallels with the $235 million WazirX hack from July 2023.

“This hack is part of a recent wave of exchange breaches... stark reminders that centralised platforms remain prime targets,” said Cyvers CEO Deddy Lavid.

As trading activity resumes, co-founder Neeraj Khandelwal tweeted that prices are “gradually normalising automatically.”

Calls are growing for more robust security frameworks, including self-custody solutions and regulatory collaboration, as the industry grapples with the fallout.

Edited by Annette George