India’s leading crypto exchange, CoinDCX, has launched a massive recovery plan after suffering a $44 million security breach. The attack hit one of its internal wallets, sparking concerns across the Indian crypto industry.
Hack Confirmed, User Funds Safe
The breach was discovered on July 13 when CoinDCX noticed unusual activity in one of its operational wallets. Internal checks revealed that $44 million worth of crypto assets had been stolen. Thankfully, no user funds were affected, as the loss came entirely from the company’s treasury.
$11 Million Bounty to Catch the Attacker
In a bold move, CoinDCX is offering a bounty of up to $11 million to anyone who can help trace the stolen assets or identify the hacker. This is one of the largest recovery bounties ever announced by an Indian crypto exchange.
The company is now working with cybersecurity firms, blockchain forensic teams, and intelligence experts from around the world. Indian law enforcement has also been notified, and legal action has been initiated.
Hackers Use Tornado Cash to Obscure Trail
Blockchain investigator ZachXBT reported that some of the stolen funds have already been swapped for Ethereum (ETH) and sent through Tornado Cash, a crypto-mixing tool. This makes tracing the funds even more challenging.
Despite the use of mixing services, CoinDCX says it’s committed to recovering the assets and making an example of the attacker.
Breach Linked to Internal Wallet Vulnerability
According to blockchain security firm Cyvers, the breach started with a suspicious $1.1 million transaction. The attacker accessed one of CoinDCX’s operational wallets but did not affect smart contracts or customer systems.
CoinDCX acted quickly. The affected wallet was deactivated, and new real-time monitoring tools were introduced. The company has since upgraded its wallet configurations and internal security protocols.
A Wake-Up Call for India’s Crypto Industry
This is the second-biggest public crypto breach in Indian exchange history. In 2022, WazirX suffered a $230 million loss. Both cases stemmed from internal issues, not external protocol flaws.
The incident has sparked calls for stronger internal audits, greater transparency, and tighter operational security. As Indian crypto exchanges grow, many may adopt CoinDCX’s approach of combining public bounties with quick internal fixes.
Looking Ahead
CoinDCX’s proactive stance could become a model for other platforms. It has absorbed the loss, protected user funds, and taken a public lead in the investigation. The exchange promises further updates as the situation unfolds.
For now, the attacker remains unidentified and the stolen funds unrecovered—but CoinDCX has made it clear: they’re not backing down.
