Ethereum News Today: CoinDCX Offers 25% Bounty to Recover $44.2 Million Stolen

Generated by AI Agent Coin World
Monday, Jul 21, 2025 12:06 pm ET
Aime Summary

- Indian crypto exchange CoinDCX launched a 25% bounty program to recover $44.2M stolen from its corporate treasury via a July 19, 2025 breach.

- Hackers used Tornado Cash and cross-chain protocols to launder $15.8M, with stolen ETH traced to a wallet holding over $46M in Ethereum.

- CoinDCX confirmed no user funds were affected, but faced criticism for delayed transparency as stolen assets were moved across Solana, Bitcoin, and Ethereum addresses.

- The exchange is overhauling security systems with support from Solana Foundation and cybersecurity firms to prevent future exploits.

Indian cryptocurrency exchange CoinDCX has launched a Recovery Bounty Program, offering up to 25% of an $11 million pool to anyone who helps recover the $44.2 million stolen from its internal treasury on July 19, 2025. The program aims not only to recover the stolen digital assets but also to identify and prosecute those responsible for the breach.

The breach was first detected by blockchain security platform Cyvers Alerts, which detailed how the hacker siphoned funds from CoinDCX’s internal operational wallets. These wallets were reportedly used solely for liquidity provisioning on a partner exchange. The exchange’s co-founders, Sumit Gupta and Neeraj Khandelwal, emphasized that the exploit did not affect user funds, ensuring that customer assets remained secure.

According to Cyvers Alerts, the attacker initiated the exploit by transferring 1 ETH through Tornado Cash, a crypto mixer known for laundering stolen assets. Shortly after this funding transaction, approximately $15.8 million of the stolen crypto was bridged to

through cross-chain protocols. Blockchain security sleuth ZachXBT traced the destination wallet identified on Etherscan as 0xEF0c5b9E0E9643937D75C229648158584A8CD8D2, which has since received over 12,144 ETH, equivalent to more than $46 million at the current price of $3,818 per coin.

Etherscan data reveals that the hacker’s wallet has conducted at least ten Ethereum transactions since July 19. Among these, a major transfer of 674.63 ETH took place approximately six hours before the time of writing, originating from address 0xac1891c1…83eC75bEC. The same sender also transferred 10 ETH and 7,017 ETH in separate transactions within the same timeframe. Additionally, 4,443 ETH was transferred to the wallet two days ago, likely as part of the initial exploit. The same sender address was involved in multiple interactions with the wallet now holding the stolen funds. At press time, the wallet in question holds exactly 12,144.63 ETH, with no other additional tokens listed under its asset profile.

CoinDCX has stated that the exploited funds came exclusively from its corporate treasury and not from customer holdings. The exchange has begun overhauling its security frameworks and re-engineering parts of its system architecture to prevent future incidents. “Our wallet systems were never compromised, but we’ve still gone deeper, tightening security and redesigning parts of our infrastructure to ensure this never happens again,” the exchange wrote in a statement.

The recovery initiative has received support from the Solana Foundation, Superteam, and bridge partners Wormhole and deBridge. CoinDCX has also lauded cybersecurity firms and blockchain forensics entities, including Sygnia, zeroShadow, and Seal911, for their assistance in the ongoing investigation. However, there have been concerns raised about the exchange’s transparency, particularly regarding its delayed response to the exploit. The exchange was silent for approximately 17 hours after the breach and gave no public comment during the early window of the attack, allowing the stolen funds to be actively moved across several wallets and networks in calculated transactions.

According to ZachXBT’s analysis on his Telegram channel, the stolen assets were moved to three addresses: a Solana-based wallet, a Bitcoin address, and an Ethereum wallet. This detailed investigation highlights the complexity and sophistication of the attack, underscoring the need for enhanced security measures in the cryptocurrency industry. CoinDCX’s proactive approach in launching the Recovery Bounty Program and overhauling its security infrastructure demonstrates its commitment to protecting its assets and maintaining trust within the community.