Indian crypto exchange CoinDCX has announced the launch of a white-hat recovery bounty program following a Friday attack that resulted in an estimated $44 million loss for the attacker.
The company emphasized that the attack was confined to its corporate reserves that are held for liquidity provision purposes, and user assets are safe and untouched.
CoinDCX CEO Sumit Gupta confirmed the incident via X(Formerly Twitter) on Monday. Gupta explained that the funds were taken from internal accounts, not customer deposits, and that the loss has been absorbed by the company’s corporate treasury.
The exchange has offered a reward of up to 25% of any recovered stablecoins or other assets, encouraging ethical hackers or security researchers to assist in tracing and recovering the stolen amounts.
Gupta also stressed the importance of catching and apprehending the attackers so that such an occurrence in the future. “The exposure was from our own reserves, and we have already absorbed it through our corporate treasury,” he stated. “Aside from recovering the hacked funds, more than that, what is important to us is knowing and catching the attackers, because these things shouldn’t repeat again, not with us, not with anyone in the business.”
The hack identifies vulnerabilities in centralized cryptocurrency exchanges. Michael Pearl, vice president of go-to-market strategy at blockchain security firm Cyvers, explained that they have now become the highest-priority targets for advanced access control attacks.
He continued that in the second quarter of 2024 alone, losses in the Web3 ecosystem that happened due to centralized exchange attacks accounted for over 65%, with an estimated $500 million lost due to stolen wallet access.
Pearl urged exchanges to strengthen security measures and implement preemptive steps. “These are not isolated events, they’re systemic weaknesses,” he clarified.
He suggested measures like off-chain verification of transactions and real-time wallet monitoring to be able to identify future exploits.
The CoinDCX hacking occurred shortly after a severe WazirX hack in mid-2023, when over $230 million was stolen from the Indian exchange, the year’s second-largest crypto exchange hack.
However, the losses pale in comparison to the $1.4 billion exploit on Bybit in February 2024, which remains the largest recorded cryptocurrency theft.
CoinDCX confirmed that the platform continues to operate normally and that no withdrawal or trading activities have been interrupted.
The company said it is actively cooperating with law enforcement and industry partners, and hopes the bounty program will aid in the quick recovery and capture of the attackers.
Also Read: Bit Digital Buys More Ethereum, Grows ETH Holdings to 120,000+
