CoinDCX Launches $11M Recovery Bounty After $44M Hot Wallet Hack

Source: CoindDCX Recovery Bounty Program | HackenProof

Incident Overview

On July 19, 2025, CoindDCX, India’s leading crypto investment platform, confirmed a critical security breach. A server-side exploit led to the compromise of one of their internal operational hot wallets used for liquidity provisioning, resulting in the unauthorized withdrawal of approximately $44.2 million in USDC/USDT.

Key points:

• The incident was quickly contained by isolating the affected wallet.
• No customer funds were impacted - all user assets remain secure in segregated cold wallets.
• The entire loss is being covered by CoindDCX’s treasury reserves.

Current Wallet Balances (As of 9:40 AM IST, July 21, 2025)

• 0xEF0c5b9E0E9643937D75C229648158584A8CD8D2 - $43,038,946.80
• FjHQU798zWpUUQ3J3U2dadc6xSgsoJx61skyKLQNrkme - $748,811.21
• 6peRRbTz28xofaJPJzEkxnpcpR5xhYsQcmJHQFdP22n - $2.24
• Cmb8R9Zuo3SBt6PBNoYLtMrTtrMGm2k6xJeYs68pdXfg - $60
• CFyirkSrwxmtGYM1AYJkexrcNmGfYLZnjwbJwvs3AvcZ - $180
• E48J4WuXAxfp76KVsSb7J7C4jQEdfp5HMvfnFE9v62FU - $1.65
• 3btch8cSVp3Uh2SiY9DeiRNYUBmFiBNHZQzDyecJs7Gu - $2.67

Bounty Program Details

To aid fund recovery, CoindDCX has introduced an $11 million reward program aimed at security experts and blockchain analysts globally.

Rewards Breakdown

• Up to 25% of recovered funds will be awarded for actionable intelligence that leads to asset recovery or patching the vulnerability.
• An additional 12.5% bonus is available to those who help freeze hacked funds or are the first to trace the stolen assets to their freezing point.
• Participants may qualify for rewards in both roles if applicable.
• Payouts are contingent upon recovery of the frozen assets, either in full or partially.

Eligibility and Rules

• Open to white-hat hackers, security researchers, blockchain analysts, and community members worldwide.
• Rewards apply only to submissions leading to tangible recovery results.
• Reports based on public data, assumptions, or broad wallet identifiers without follow-up actions are not eligible.

How to Get Involved

• All submissions should be made via the HackenProof platform.
• Participants can submit details of vulnerabilities or intelligence relating to the fund’s whereabouts.
• Submission guidelines and forms are available on the HackenProof website.

Stay informed on Web3 security and contribute to safeguarding crypto assets by engaging with bounties like this one.

For further details and to participate, visit HackenProof: https://hackenproof.com

Quick Summary:

• $44.2M stolen from CoindDCX hot wallet due to server breach.
• No user assets lost; treasury covers exposure.
• $11M bounty offered for fund recovery, with up to 25% reward.
• Open globally via HackenProof; detailed, actionable reports required.