CoinDCX Launches Massive Bounty Program After $44 Million Hack

CoinDCX, one of the largest cryptocurrency exchanges in India, was hacked and had 44.2 million USD stolen from its internal trading wallet on July 19, 2025.

The stolen amount includes 28.3 million USD SOL and 15.78 million USD ETH, with the hacker using Tornado Cash to hide their tracks. CoinDCX immediately locked the wallet and committed to fully compensating the damages from the company's reserve fund.

How was CoinDCX hacked and what was the damage?

Based on official information from CEO Sumit Gupta, the attack on CoinDCX's internal trading wallet caused damages of 44.2 million USD, including 28.3 million USD Solana (SOL) and 15.78 million USD ETH.

The hacker used Tornado Cash to hide the money transfer activities, making tracing difficult. However, CoinDCX quickly froze the wallet to prevent further losses. Notably, all damages will be compensated from the company's reserve fund, without affecting customer funds.

"We want to be transparent that the damage comes from the exchange's own fund and is not related to user assets. We are committed to protecting customer interests and aggressively pursuing the perpetrators."
Sumit Gupta, CEO of CoinDCX, 21/7/2025

How is the 25% recovery bounty program being implemented?

CEO Sumit Gupta announced the Recovery Bounty program, offering up to 25% of the value of successfully recovered funds to individuals or groups supporting the tracing and recovery of stolen assets.

The program aims to increase proactivity in catching hackers and minimize risks for the global cryptocurrency industry. Publicly announcing this reward confirms CoinDCX's professionalism and responsibility in managing serious security incidents.

Why are users concerned about the transparency of Indian cryptocurrency exchanges?

Compared to global exchanges like Bybit, which always warn users within an hour of an incident, Indian exchanges like CoinDCX and WazirX respond slowly, taking many hours to notify users. This creates significant debate about processing speed and transparency in the industry.

The CoinDCX hack, following the 230 million USD theft at WazirX in 2024, further highlights the security risks faced by Indian exchanges, urgently requiring improvements in security processes and user communication.

"We need to enhance transparency and respond faster to rebuild user trust in domestic cryptocurrency exchanges."
Financial Cybersecurity Expert, 2025 Report

What are the key lessons from the CoinDCX hack for the Indian cryptocurrency industry?

The incident emphasizes the importance of advanced security measures, such as internal wallet monitoring and using on-chain analysis tools to detect early signs of intrusion.

Additionally, a transparent mechanism is needed to quickly disclose incidents to minimize the risk of losing customer and market trust. Strong investment in technical security and high-responsibility risk management will be a decisive factor in the sustainable development of Indian exchanges.

Frequently Asked Questions

Does the CoinDCX hack affect customer assets?

According to CEO Sumit Gupta, the damages will be paid from the exchange's own fund and do not affect user funds.

How does the recovery bounty program work?

CoinDCX will pay up to 25% of the value of successfully recovered funds to individuals or groups helping to trace and recover stolen assets.

Why do Indian exchanges respond slowly after security incidents?

The main reason is that internal processes are not yet optimized, lack transparency, and have many limitations in crisis management compared to international exchanges.

Does the CoinDCX hack impact the Indian cryptocurrency market?

The incident increases security risks and drives users and regulators to demand that exchanges improve security, transparency, and accountability.

What can cryptocurrency exchanges do to prevent similar hacks?

Exchanges need to adopt modern security technologies, enhance monitoring, improve transparency, and develop clear, quick incident response plans.