CoinDCX launches $11M recovery bounty after $44.2M cyberattack

Indian crypto exchange CoinDCX has announced a major recovery initiative after losing $44.2 million in a cyberattack that targeted one of its internal operational accounts on July 19. In a bid to track down the perpetrators and recover the stolen digital assets, the company has launched the CoinDCX Recovery Bounty Program, offering up to 25% of any recovered funds approximately $11 million as a reward.

In a blog post on Sunday, the company clarified that the breach was restricted to its treasury and that user funds were not impacted. “We want to be upfront – the loss was from our own treasury, and we’ve already absorbed it through our reserves,” CoinDCX stated, assuring users that its operations remain fully functional.

The company added that the targeted account was used solely for liquidity provisioning and was segregated from customer wallets. The breach was “quickly contained” by isolating the affected account, and no customer wallets were compromised.

The Recovery Bounty Program is open to ethical hackers, white-hat researchers, and cybersecurity professionals who can help trace and retrieve the stolen assets or assist in identifying and convicting those responsible.

“These past few days have been tough… But this isn’t just about the stolen assets. It’s about what all of us in Web3 are building together: freedom, transparency, and trust,” CoinDCX said, urging the broader crypto ecosystem to unite against cybercrime.

CoinDCX also revealed that it is working with top cybersecurity firms to patch vulnerabilities and strengthen infrastructure. The company emphasized that new security measures have already been deployed, and more enhancements are underway to ensure such incidents do not recur.

CoinDCX Co-founder and CEO Sumit Gupta commented on X (formerly Twitter), “The exposure is only limited to this specific account and is being fully absorbed by us — from our own treasury reserves. Our internal security and operations teams have been working around the clock.”

The announcement comes as the Web3 sector faces increasing scrutiny over platform vulnerabilities and fund security. CoinDCX’s decision to go public with the attack and rally the community around a structured bounty programme sets a precedent for transparency and collective action in the crypto space.

Read More: Influencers push crypto ads in rampant violation of ASCI guidelines

Read More: US election, Donald Trump fuel crypto ad boom in India; players up spends by 15%

Read More: Google tightens crypto ad policies to combat financial scams