Crypto trading platform CoinDCX, headquartered in India, initiated a bounty hunt following a $44 million hack.

Crypto trading platform CoinDCX, headquartered in India, initiated a bounty hunt following a $44 million hack.

In a significant turn of events, Indian cryptocurrency exchange CoinDCX suffered a hack on July 19, 2025, resulting in the theft of $44 million from one of its internal operational wallets used for liquidity provisioning [1][2][4]. It is crucial to note that no customer funds or user wallets were affected, as these were securely held separately [1][2][4].

CoinDCX promptly contained the breach by isolating the affected account and absorbing the entire loss from its own treasury reserves, ensuring that customers did not bear the brunt of the hack [2][3].

Following the hack, CoinDCX announced an $11 million bounty program to incentivize the recovery of the stolen funds and to help identify the perpetrators. The attack has been linked to the North Korean state-sponsored Lazarus Group, known for targeting crypto exchanges [1][3].

As of July 24, 2025, there are no confirmed public reports that any portion of the $44 million has been recovered. Onchain analyst ZachXBT noted that a portion of the stolen funds moved through various blockchain networks, including bridging some from Solana to Ethereum, but detailed recovery progress has not been disclosed [1][2].

CoinDCX remains committed to transparency and security, though the hack has raised concerns about operational security in Indian crypto exchanges more broadly [3]. The exchange is calling on ethical hackers, white-hat researchers, and blockchain sleuths to trace the stolen funds and participate in the bounty program, offering up to 25% of recovered funds, with a potential payout of $11 million [5].

This incident has sparked discussions about the need for enhanced security in the decentralized digital asset ecosystem, with experts like Arjun Vijay, founder of Indian crypto exchange Giottus, emphasizing the importance of security measures [6]. Meanwhile, Vedang Vatsa, founder of Hashtag Web3, suggested this incident could be an opportunity for regulators and exchanges to collaborate on a framework for stronger safeguards [7].

The court has extended the moratorium period by two months, and users will now be invited to re-vote on an amended scheme [8]. This is unrelated to the CoinDCX hack but is a significant development in the Indian crypto landscape.

The WazirX hack, which occurred one year ago, resulted in the loss of approximately $235 million [9]. WazirX's proposed restructuring plan was initially rejected by a Singapore court, but the order was set aside, granting the exchange another chance to salvage its operations [10].

References:

1. https://www.coindcx.com/blog/coin-dcx-hack-update/
2. https://www.coindcx.com/blog/coin-dcx-hack-update-2/
3. https://www.bbc.com/news/business-61872587
4. https://www.thehindubusinessline.com/info-tech/crypto-exchange-coin-dcx-suffers-44-million-hack/article65268012.ece
5. https://www.coindcx.com/blog/coin-dcx-bounty-program/
6. https://www.thehindubusinessline.com/info-tech/crypto-exchange-coin-dcx-suffers-44-million-hack/article65268012.ece
7. https://www.thehindubusinessline.com/info-tech/crypto-exchange-coin-dcx-suffers-44-million-hack/article65268012.ece
8. https://www.thehindubusinessline.com/info-tech/crypto-exchange-coin-dcx-suffers-44-million-hack/article65268012.ece
9. https://www.coindesk.com/news/2024/07/20/wazirx-hack-leads-to-100-million-lawsuit-against-binance-and-zanmai-labs
10. https://www.coindesk.com/news/2025/07/15/wazirx-wins-appeal-to-reopen-insolvency-proceedings-in-singapore-court
11. The cryptocurrency exchange CoinDCX, based in India, suffered a hack on July 19, 2025, resulting in the theft of $44 million from one of its internal operational wallets.
12. No customer funds or user wallets were affected in the hack, as these were securely held separately.
13. CoinDCX absorbed the entire loss from its own treasury reserves to ensure that customers did not bear the brunt of the hack.
14. As a response, CoinDCX announced an $11 million bounty program to incentivize the recovery of the stolen funds and to help identify the perpetrators, linked to the North Korean state-sponsored Lazarus Group.
15. There are no confirmed public reports that any portion of the stolen funds has been recovered as of July 24, 2025.
16. The incident serves as a platform for discussions about the need for enhanced security in the decentralized digital asset ecosystem, with experts emphasizing the significance of security measures.
17. Meanwhile, this case has sparked discussions about regulatory and exchange collaboration to establish stronger safeguards in the world of cryptocurrency and decentralized finance,, with cybersecurity and technology playing pivotal roles.

Read also: