CoinDCX 44m USD hack: Indian crypto exchange offers bounty for ethical disclosure

Indian cryptocurrency exchange CoinDCX has launched a white hat recovery bounty program after suffering a $44 million exploit last Friday. The CoinDCX 44m USD hack targeted the exchange’s internal liquidity reserves but left customer funds untouched, according to CEO Sumit Gupta.

The incident marks the latest in a string of high-profile exchange hacks, raising fresh concerns about centralized platform security.

Gupta confirmed the CoinDCX 44m USD hack in a public statement, emphasizing that the loss was absorbed by corporate reserves.

“The exposure was from our own reserves, and we have already absorbed it through our corporate treasury,” he said in an X post. “More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again—not with us, not with anyone in the industry.”

The announcement follows a troubling trend in 2024, including February’s record-breaking $1.4 billion Bybit heist and a $230 million exploit of Indian rival WazirX.

White hat bounty: A desperate move or industry necessity?

CoinDCX’s offer of a 25% reward for recovered funds shows the challenges exchanges face in tracing stolen crypto. While ethical hackers could help mitigate losses, critics argue the move highlights systemic vulnerabilities.

Michael Pearl, VP of GTM strategy at blockchain security firm Cyvers, warns that the CoinDCX 44m USD hack is part of a broader pattern. “In Q2 2024 alone, over 65% of losses in Web3 originated from CEX-related incidents, with nearly $500 million lost due to wallet access breaches,” he told journalists. “These are not isolated events—they’re systemic weaknesses.”

Pearl urged exchanges to adopt preemptive measures like real-time wallet monitoring and offchain transaction validation, which he claims could prevent “99% of crypto hacks.”

User funds safe, but trust takes a hit

Despite assurances that the CoinDCX 44m USD hack didn’t impact customer assets, the breach risks eroding confidence in India’s crypto ecosystem. The exchange’s promise of uninterrupted operations contrasts with lingering fears about centralized platforms’ security.

“The platform continues to run as normal,” Gupta reiterated. However, the incident follows a year of escalating exploits, including the WazirX attack—India’s second-largest crypto theft in 2024.

Global implications and the road ahead

The CoinDCX 44m USD hack reflects a global crisis for exchanges, with Cyvers data showing 70% of hacked funds now target CeFi entities. Pearl’s call for “rethinking security postures” aligns with industry demands for stricter safeguards.

Key points:

• CoinDCX’s bounty program sets a precedent for post-hack recovery efforts.

• Centralized exchanges remain prime targets, accounting for most 2024 crypto losses.

• Offchain validation and real-time monitoring could curb future breaches.

As regulators scrutinize the sector, the CoinDCX 44m USD hack may accelerate demands for enforceable security standards. For now, the exchange’s recovery gamble hangs in the balance.