Cryptocurrency exchange CoinDCX on Monday launched what it calls India’s biggest crypto recovery bounty programme, after suffering a security breach that resulted in the theft of about $44.2 million worth of digital assets.
The company has introduced a Recovery Bounty Program, which offers up to 25% of any successfully recovered funds as rewards for actionable intelligence that leads to asset retrieval and the identification of the attacker. The potential bounty pool could go up to $11 million if the full amount is recovered.
“We are collaborating with exchange partners to block and recover assets,” said Neeraj Khandelwal, Co-founder of CoinDCX, adding, “At the same time, we are launching this bounty program to strengthen our defences and reinforce transparency.”
As of Sunday, a large portion of the stolen funds appeared to be held in two wallets—one containing approximately 155,830 SOL (valued at $27.6 million) and another holding about 4,443 ETH (around $15.7 million), the company said.
CoinDCX is working closely with several partners on the investigation and recovery efforts, including cybersecurity firms Sygnia, zeroShadow, and Seal911, as well as ecosystem collaborators such as the Solana Foundation, Superteam, and bridge providers Wormhole and deBridge, it said.
The company is inviting ethical hackers, white-hat researchers, and other cybersecurity experts to participate in the bounty program. Contributions will be reviewed and rewarded based on credibility and impact, it said. Interested parties can reach out via email at bountyprogram@coindcx.com.
.thumbnailWrapper{
width:6.62rem !important;
}
.alsoReadTitleImage{
min-width: 81px !important;
min-height: 81px !important;
}
.alsoReadMainTitleText{
font-size: 14px !important;
line-height: 20px !important;
}
.alsoReadHeadText{
font-size: 24px !important;
line-height: 20px !important;
}
}
The breach—which occurred between July 18 and 20—targeted one of CoinDCX’s internal operational wallets on the Solana blockchain. The company confirmed the incident late Friday following a detailed statement and video posted on social media by co-founder and CEO Sumit Gupta.
While CoinDCX did not officially confirm the total amount stolen, blockchain security firm Cyvers reported the attacker siphoned off funds in USDC and USDT worth over $44 million.
CoinDCX said that no customer funds were impacted, and the compromised wallet was restricted to internal operations managed via a partner exchange.
When WazirX, a rival cryptocurrency exchange, was hacked around the same time last year on July 18, it launched a similar global bounty program offering up to $23 million to aid in the recovery of $234 million worth of stolen digital assets.
The initiative invited white-hat hackers, blockchain forensics experts, and cybersecurity professionals worldwide to contribute to the recovery efforts, pledging rewards worth 10% of any assets successfully retrieved.
So far, WazirX has only managed to freeze a small portion (about $3 million) of the stolen funds in cooperation with law enforcement. However, the bulk of the assets were laundered via crypto mixers and remain unrecoverable.
Edited by Suman Singh
