22-07-2025
CoinDCX Launches Crypto Recovery Bounty After USD 44 Mn Breach
CoinDCX introduced a Recovery Bounty Program that offers up to 25 percent of any successfully recovered funds as a reward for actionable intelligence leading to the retrieval of assets and identification of the attacker.
You're reading Entrepreneur India, an international franchise of Entrepreneur Media.
Cryptocurrency exchange CoinDCX has announced a major initiative to recover digital assets worth approximately USD 44.2 million stolen in a recent security breach. The company unveiled a Recovery Bounty Program on Monday, offering rewards of up to 25 percent of any successfully retrieved funds to individuals who provide actionable intelligence that leads to asset recovery or the identification of the perpetrator.
The potential bounty could reach USD 11 million, making it the largest of its kind in India's crypto sector. The breach targeted an internal operational wallet on the Solana blockchain between July 18 and 20, and was confirmed by the company late Friday.
"We are collaborating with exchange partners to block and recover assets," said Neeraj Khandelwal, Co-founder of CoinDCX. "At the same time, we are launching this bounty program to strengthen our defences and reinforce transparency."
As of Sunday, CoinDCX reported that a significant portion of the stolen assets appeared to be consolidated in two crypto wallets—one holding around 155,830 SOL (approximately USD 27.6 million) and another containing 4,443 ETH (about USD 15.7 million).
The company is working with cybersecurity firms Sygnia, zeroShadow, and Seal911 to investigate the breach. It has also partnered with the Solana Foundation, Superteam, and bridge infrastructure providers Wormhole and deBridge to support asset recovery efforts.
CoinDCX emphasized that no customer funds were affected in the incident. The compromised wallet was reportedly used solely for internal operations and was managed through a partner exchange.
The firm is now inviting ethical hackers, white-hat researchers, and cybersecurity experts to join the recovery effort. Contributions will be assessed based on credibility and potential impact, and participants can contact the company via the dedicated email address provided.
Blockchain security firm Cyvers reported that the attacker made off with funds denominated in USDC and USDT. While CoinDCX has not officially confirmed the total stolen amount, the figure aligns with Cyvers' analysis.
The breach mirrors a similar incident involving rival exchange WazirX last year. On July 18, 2024, WazirX launched a global bounty program offering up to USD 23 million to help retrieve USD 234 million in stolen crypto. Despite the effort, only about USD 3 million of the assets were frozen, with the remainder laundered through crypto mixers.
CoinDCX's new program highlights a growing reliance on community-led initiatives to combat crypto-related cybercrime.
