Indian cryptocurrency exchange CoinDCX has confirmed a significant cyberattack over the weekend, resulting in the theft of over $44 million from one of its internal operational accounts. While user funds remain safe and unaffected, the company has launched an ambitious “Recovery Bounty Program” to enlist the broader Web3 community in tracing and recovering the stolen assets, offering up to 25% of any retrieved funds as a reward.
The incident, which saw approximately $44.2 million worth of cryptocurrency siphoned from CoinDCX’s internal operational accounts, was first announced by co-founders Neeraj Khandelwal and Sumit Gupta on Saturday afternoon after detecting “issues” within their systems. They swiftly confirmed that the breach targeted an internal operational account used for liquidity provisioning on a partner exchange, emphasizing that customer wallets were never compromised. The company has moved to absorb the entire loss using its own treasury reserves, asserting its financial strength and continued operational status.
The co-founders acknowledged the “tough” past few days but pivoted the narrative towards a collective stand against cybercrime.
Their newly launched “CoinDCX Recovery Bounty Program” is a direct call to action for ethical hackers, white-hat researchers, and anyone dedicated to enhancing crypto security. The program offers a substantial bounty of up to 25% of all successfully recovered funds, potentially reaching $11 million if a full recovery is achieved. Beyond financial recovery, the initiative aims to gather actionable intelligence that leads to the identification and legal resolution against those involved in the attack.
CoinDCX has been transparent about the movement of the stolen funds, providing specific wallet addresses where the assets were consolidated. These include a Solana wallet holding approximately $27.6 million and an Ethereum wallet with about $15.7 million. The company is actively collaborating with leading cybersecurity firms such as Sygnia, zeroShadow, and Seal911, as well as ecosystem partners like the Solana Foundation, Superteam, Wormhole, and deBridge, to trace the funds and identify the culprits.
This incident, while a significant blow to CoinDCX’s treasury, has prompted a deeper dive into their security architecture. The exchange has already begun tightening security protocols and redesigning parts of its infrastructure to prevent future occurrences. By absorbing the financial loss and proactively seeking community assistance, CoinDCX aims not only to recover funds but also to set a new standard for transparency and collective action in the face of evolving cyber threats within the burgeoning Web3 space.
Reference:
