Indian crypto exchange CoinDCX has launched an aggressive recovery campaign after confirming a $44 million theft from one of its internal operational wallets.
The incident, which is the second-largest publicly known exchange exploit in India, involved no customer funds. However, CoinDCX has offered a bounty of up to $11 million to incentivise the tracking and return of the stolen digital assets.
The stolen funds were moved through mixing services like Tornado Cash, raising the complexity of the recovery.
As CoinDCX rallies blockchain investigators and security experts to trace the transactions, the industry is watching closely to see if this new model of “post-breach bounties” can be effective in bringing perpetrators to justice.
$11 million bounty launched to trace attacker and recover fundsThe breach was identified on 13 July when CoinDCX flagged unusual activity in one of its operational wallets. After internal audits, the company confirmed that $44 million in digital assets were siphoned from its treasury.
In response, it launched a public recovery bounty offering up to $11 million to anyone who can help trace the funds or identify the attacker.
CoinDCX said it is working with global cybersecurity firms, on-chain forensics teams, and intelligence partners to follow the trail. It has also notified law enforcement in India, initiating formal legal proceedings.
The exchange has made it clear that its goal is not only to recover the stolen assets but to send a strong deterrent signal to future attackers.
Blockchain investigator ZachXBT published on 15 July that some of the funds had already been swapped for Ethereum (ETH) and routed through mixing protocols, making the trail harder to follow.
Despite this, CoinDCX’s bounty is one of the largest ever offered by an Indian exchange, underscoring its commitment to asset recovery.
Breach stemmed from internal wallet vulnerabilityAccording to analysis from blockchain security firm Cyvers, the exploit began with a suspicious transaction of $1.1 million.
The attacker accessed one of CoinDCX’s operational wallets, but did not compromise smart contracts or customer-facing infrastructure. All user funds remain intact, with the loss absorbed entirely from the company’s treasury.
The breach has prompted CoinDCX to audit all wallet configurations and reinforce operational security protocols. The affected wallet has been decommissioned, and no further suspicious activity has been detected since the initial attack.
The company has also implemented new controls to monitor and isolate unusual wallet activity in real time.
This marks the second major crypto security incident involving an Indian exchange. WazirX previously disclosed a $230 million breach in 2022. Both cases were the result of platform-specific operational failures rather than protocol vulnerabilities or regulatory issues.
Industry braces for more transparency and internal auditsThe CoinDCX incident has renewed focus on operational security standards across India’s crypto landscape. Despite having one of the world’s largest Web3 developer communities, India’s centralised crypto exchanges have faced repeated breaches due to flawed internal systems.
CoinDCX’s decision to absorb the loss internally and respond publicly with a recovery bounty sets a potential precedent. As Indian exchanges face pressure to prove their resilience, similar bounty-backed recovery models could become a new industry norm.
Other exchanges may also be forced to conduct internal audits and disclose results to restore user confidence. While regulatory clarity in India is still evolving, the breach highlights the urgent need for exchanges to implement rigorous internal safeguards beyond external compliance.
CoinDCX is expected to issue additional updates as the investigation progresses. As of now, no individuals have been publicly identified in connection with the attack, and the stolen assets remain unrecovered.
Read more on Investing.com India
