CoinDCX launches bounty after security breach

CoinDCX, one of the largest cryptocurrency exchanges in India, has issued an official statement following a sophisticated security incident on July 19, 2025, which affected one of its internal operational accounts used solely for liquidity provisioning on a partner exchange. The company emphasized that no customer funds were impacted and that all assets remain secure in segregated cold wallets, fully backed 1:1 by CoinDCX reserves. The breach was quickly contained, and CoinDCX has pledged to absorb the full ~$44 million USDT exposure from its own treasury, without disrupting customer operations or services.

CoinDCX launches bounty after security breach and issues official statement

According to the company, the attack involved a breach of an internal server, compromising an operational account. The affected account was immediately isolated, and the incident was reported to CERT-In (India’s Computer Emergency Response Team) on July 19. Importantly, customer wallets were structurally segregated and remained untouched, with all operations, including INR deposits, trading, and withdrawals, continuing without disruption.

Funds from the compromised account were traced across several blockchain transactions, ultimately consolidating into two known wallets. CoinDCX has engaged global cybersecurity firms, blockchain forensics specialists, and law enforcement authorities to trace and recover the stolen assets.

CoinDCX has reiterated its unwavering commitment to user security and platform integrity. The company holds robust reserves specifically designed to handle events like this and confirmed it has covered all losses internally.

“Customer assets are 100% safe,” a company spokesperson said. “We have maintained uninterrupted operations, including INR withdrawals, and have taken additional steps to enhance our security infrastructure. This incident, while significant, has not compromised the trust or assets of our users.”

Launch of recovery bounty program

In a decisive move, CoinDCX has launched a Recovery Bounty Program aimed at mobilizing the broader Web3 and cybersecurity community. The program offers up to 25% of any successfully recovered funds, potentially amounting to $11 million, as a reward to ethical hackers, white-hat researchers, and investigative teams that can provide actionable intelligence leading to the recovery of funds and identification of the perpetrators.

“This is not just about recovering lost funds, it’s about defending the principles of freedom, transparency, and trust that define the crypto ecosystem,” the company emphasized. “We call on the global community to stand together, set a new standard for response, and help safeguard the future of crypto.”

CoinDCX is working closely with prominent partners and ecosystem players, including the Solana Foundation, Superteam, Wormhole, deBridge, and specialized firms like Sygnia, zeroShadow, and Seal911. Together, they are conducting detailed forensic investigations, monitoring blockchain activity, and pursuing all legal and technical avenues to secure the ecosystem and hold bad actors accountable.

As investigations continue, CoinDCX has issued a warning to customers to beware of impersonators and scams. All official updates are available exclusively through CoinDCX’s official blog and verified social channels. Customers are advised never to share personal information with anyone claiming to represent CoinDCX outside these channels.

Individuals or teams interested in participating in the Recovery Bounty Program are invited to contact the company. CoinDCX has committed to reviewing every credible lead with fairness and transparency, underscoring that this initiative is as much about protecting the ecosystem as it is about asset recovery.

“We are humbled by the solidarity shown across the crypto community,” CoinDCX stated. “This incident has only strengthened our resolve to lead with integrity, rebuild stronger, and help secure the future of Web3.”