CoinDCX is offering a bounty of up to 25% to anyone who helps recover the $44.2 million stolen from its treasury in a recent security breach, the Indian crypto exchange said on Monday.
The offer is open to ethical hackers, white-hat researchers, and industry partners who can aid in retrieving the stolen funds and identifying the attackers.
The hack, disclosed on July 19, involved unauthorized access to one of CoinDCX’s internal operational accounts used for liquidity provisioning on a partner platform. The company clarified that the affected account was isolated from customer wallets.
“The exposure was from our own reserves, and we have already absorbed it through our corporate treasury. This doesn’t impact any of our customers,” said CEO Sumit Gupta on X.
He added that CoinDCX wants to go beyond recovering funds and focus on catching the attackers.
“More than recovering the stolen funds, what is important for us is to identify and catch the attackers… We will fight this and ensure that the Indian crypto community comes out of this stronger.”
According to preliminary findings, the attackers moved the assets using Solana-Ethereum bridges. The stolen crypto was later consolidated into 4,443 ETH (roughly $15.7 million) and 155,830 SOL (worth about $27.6 million). The funds are currently idle on-chain.
CoinDCX said it is working with CERT-In, global cybersecurity teams, and partner exchanges to freeze the stolen assets and investigate the breach. A forensic report will be released once the investigation concludes.
The company said its recovery bounty program is also a call to action for the broader Web3 community.
Following the breach, users reported issues accessing the platform, which CoinDCX attributed to server overload. It has since scaled its infrastructure to restore access.
CoinDCX said the bounty program isn’t about the money, but about safeguarding collective trust. While acknowledging the breach, the company stressed it has always built with intent and integrity. “This isn’t a cry for help—it’s a stand for the future,” it said, adding that if such an attack could happen to them, it could happen to anyone.
The goal now is to set a stronger standard for how the crypto industry responds and recovers. The program offers up to 25% of recovered funds, potentially $11 million, and is open to ethical hackers, white-hats, and anyone committed to crypto security.
The attack comes just a year after WazirX, another Indian crypto exchange, suffered a far larger breach, losing between $230 and $235 million. Unlike CoinDCX, WazirX faced backlash for opting for a partial reimbursement model.
Founded in 2018, CoinDCX claims over 16 million registered users. In May 2025, it processed $492 million in spot trading volume, with Bitcoin and Ethereum among its most traded assets.
Gupta said the exchange is treating the breach as a turning point.
Also Read: Lazarus Behind $44M CoinDCX Hack, Mirrors WazirX Breach Pattern
