CoinDCX Launches Whitehat Recovery Bounty after $44M Hack

Indian cryptocurrency exchange CoinDXC has announced a recovery effort after falling victim to a $44 million exploit last Friday, with the firm pledging a bounty for white hat hackers who help retrieve the stolen funds.

CoinDXC’s internal accounts used for “liquidity provision” were exploited on Friday, leading to $44 million worth of cryptocurrency being stolen, while user funds remained unaffected.

In an effort to recover the stolen funds, CoinDCX CEO Sumit Gupta announced a new recovery bounty program that offers white hat or ethical hackers up to 25% of any recovered funds that can help trace and retrieve them.

“The exposure was from our own reserves, and we have already absorbed it through our corporate treasury,” said Gupta in a Monday X post, adding:

“More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again, not with us, not with anyone in the industry.”

The hack “doesn’t impact any of our customers and the platform continues to run as normal,” he added.

Source: Sumit Gupta

The CoinDCX hack occurred a year after an unknown hacker stole over $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024.

Still, these hacks pale in comparison to the over $1.4 billion exploit suffered by the Bybit exchange on Feb. 21, which marked the largest crypto theft in history.

Related: Bybit hacker launders 100% of stolen $1.4B crypto in 10 days

CoinDCX hack marks new wave of crypto exchange exploits

The CoinDCX hack is part of a renewed wave of exploits on centralized cryptocurrency exchanges, according to Michael Pearl, vice president of GTM strategy at blockchain security firm Cyvers.

The recent exchange hacks serve as “stark reminders that centralized platforms remain prime targets for sophisticated access control attacks,” Pearl told Cointelegraph, adding:

“In Q2 2024 alone, over 65% of losses in Web3 originated from CEX-related incidents, with nearly $500 million lost due to wallet access breaches.”

“These are not isolated events, they’re systemic weaknesses,” Pearl claimed, adding that the Cyvers team “urges exchanges to rethink their security posture” and move to preemptive solutions such as real-time wallet monitoring.

Related: Over 70% of hacked funds are lost to CeFi entities — Cyvers

Preemptive solutions, such as offchain transaction validation, could prevent 99% of all crypto hacks and scams by simulating and validating blockchain transactions in an offchain environment before mainnet execution, Pearl said.