Latest news with #CoindcxTreasury
&w=3840&q=100)
Business Standard
2 days ago
- Business
- Business Standard
CoinDCX offers up to 25% recovery bounty after $44.2 mn crypto theft
CoinDCX offers up to 25% bounty after $44.2 mn theft. Firm seeks white-hat help in crypto recovery, amid rising cyberattacks on Indian exchanges New Delhi Cryptocurrency exchange platform CoinDCX has unveiled a recovery bounty initiative after a security breach that led to the theft of $44.2 million (around ₹378 crore) from its treasury. The platform will offer up to 25 per cent of recovered funds as a reward to those who assist in retrieving the stolen assets and identifying the culprits. The CoinDCX Recovery Bounty Programme, announced on Monday, invites ethical hackers, white-hat researchers, and ecosystem partners to collaborate in the investigation. The company said the aim is not only to recover funds but also to 'rally the Web3 community in the fight against cybercrime'. According to the statement, the potential bounty pool could amount to as much as $11 million, provided full recovery is achieved. Internal account breach, not customer wallets The breach, which was announced on Saturday (July 19), involved unauthorised access to one of CoinDCX's operational accounts used for liquidity provisioning on a partner exchange. Co-founder and CEO Sumit Gupta clarified that the compromised account was isolated and that customer funds were never at risk. 'The affected operational account is segregated from customer wallets. The entire loss will be absorbed by us using our treasury reserves,' said Gupta in a post on X. Announcing the @CoinDCX Recovery Bounty Program: Up to 25% of any recovered funds will be awarded to individuals or teams who can help trace and retrieve the stolen crypto. Just to give more context: -> We want to be upfront. The exposure was from our own reserves, and we have… — Sumit Gupta (CoinDCX) (@smtgpt) July 21, 2025 Co-founder Neeraj Khandelwal echoed the reassurance, saying, 'Our first and foremost objective throughout the day has been to secure assets. Coindcx Treasury will be bearing these losses.' Funds routed via Solana and Ethereum Preliminary investigations revealed that the stolen assets were moved through Solana-Ethereum bridges and later consolidated into 4,443 ETH (roughly $15.7 million) and 155,830 SOL (valued at $27.6 million). These funds are currently dormant, and CoinDCX is working with partners to freeze and recover them. As part of its response, the firm is collaborating with global cybersecurity experts, CERT-In (India's Computer Emergency Response Team), and partner exchanges. A detailed forensic report will be made public upon completion of the investigation. Following the attack, users reported issues accessing their portfolios, which CoinDCX attributed to server load caused by increased traffic. The firm has since scaled its server capacity, and access has been restored. 'We have significantly enhanced server capacity to serve users better,' Khandelwal said in a follow-up post. Part of a larger pattern? The CoinDCX incident follows a similar attack on WazirX, another Indian exchange, which suffered a $230–235 million breach in July 2024. In that case, WazirX proposed a socialised loss solution that returned only partial funds to users, drawing criticism from the crypto community. Founded in 2018, CoinDCX claims to have over 16 million users and recorded $492 million in spot trading volume in May 2025, with Bitcoin and Ethereum leading trades. CoinDCX has said that the breach is a moment of reckoning, not retreat. 'Every security incident is a learning experience. We will come out stronger and work with the community to secure the industry,' said Gupta.
News18
2 days ago
- Business
- News18
Customer Money Is '100% Safe', Says CoinDCX After Hackers Steal $44 Million
In a First Incident Report, CoinDCX says the total exposure is being absorbed entirely by CoinDCX, using the company's treasury reserves. CoinDCX, India's largest homegrown crypto exchange, has faced a 'sophisticated server breach" that compromised one of its internal operational accounts, resulting in theft of $44.2 million, or Rs 378 crore. Following this, panic started among retail investors about their funds. However, the crypto exchange said the customers' money is 'completely safe". In a First Incident Report released on Sunday, CoinDCX said the total exposure is being absorbed entirely by CoinDCX, using the company's treasury reserves. 'Today, one of our internal operational accounts — used only for liquidity provisioning on a partner exchange — was compromised due to a sophisticated server breach. I confirm that the CoinDCX wallets used to store customer assets are not impacted and are completely safe. This won't cause any loss to our customers. CoinDCX will be bearing the full amount," said CoinDCX co-founder Sumit Gupta in a post on X. 'The total amount lost was USD 44Mn out of our treasury assets. Coindcx Treasury will be bearing these losses," said another co-founder Neeraj Khandelwal. Customer Anxiety 'Wow @CoinDCX. You guys got hacked in last couple of hours n I am unable to access my dashboard n wallet…. Atkeast inform your customers and keeping them in dark won't help #digitalindia startup has week foundations from Day1," a user wrote on X. Users also complained about not being able to withdraw money. 'Hey @CoinDCX, I m unable to withdrawal my money I did everything which is given in instructions update email kyc and all but still you guys don't giving me withdrawal are you like wizirx farjii type," wrote a user. The incident once again puts the spotlight on mounting security threats in the highly volatile world of cryptocurrencies. Last year, crypto exchange WazirX faced a hack in India, leading to the loss of more than $230 million, and marking one of the biggest such heists in India. The theft had prompted a thorough examination of safety measures and eroded sentiments. What's The Update? The co-founders have updated that Portfolio APIs have been restored. Affected infrastructure has been completely isolated, and CoinDCX operations continue to run normally, the company said. CERT-In, or the Indian Computer Emergency Response Team, has been informed about the incident. Detailed forensics with two globally reputed security agencies is being carried out, and reports will be shared for public benefit, it added. 'CoinDCX services remain fully operational. Trading activity, INR deposits and INR withdrawals continue. INR withdrawals below Rs 5 lakhs will reflect in your account within 5 hours, while withdrawals above Rs 5 lakhs will be processed within 72 hours. The incident was isolated and has no impact on your portfolio access or operations," the company stated. view comments Disclaimer: Comments reflect users' views, not News18's. Please keep discussions respectful and constructive. Abusive, defamatory, or illegal comments will be removed. News18 may disable any comment at its discretion. By posting, you agree to our Terms of Use and Privacy Policy.
Business Standard
3 days ago
- Business
- Business Standard
CoinDCX loses $44 million in major cyberattack: All you need to know
Crypto exchange CoinDCX lost was $44 million out of our treasury assets after a major cybersecurity breach on Saturday. However, the company said that customer funds were safe and that the firm will be bearing these losses. The incident came around the heals of the first anniversary of a security breach at WazirX, another cryptocurrency exchange which reported theft of approximately $230–235 million in July 2024. Founded in 2018, CoinDCX claims over 16 million users. It handled $492 million in spot trade volume in May 2025, with Bitcoin and Ethereum leading trades. CoinDCX cyberattack: What happened? In a post on X on Saturday evening, Co-Founder and CEO Sumit Gupta revealed that one of CoinDCX's internal operational accounts, which was used only for liquidity provisioning on a partner exchange, was "compromised due to a sophisticated server breach". He also assured customers that CoinDCX wallets used to store assets were not impacted. "The incident was quickly contained by isolating the affected operational account. Since our operational accounts are segregated from customer wallets, the exposure is only limited to this specific account and is being fully absorbed by us - from our own treasury reserves," he said. Gupta said that CoinDCX was collaborating with the exchange partner to block and recover assets, and would come out with a bug bounty program soon. "Every security incident is a learning and we will learn from this and further strengthen our platform, more importantly this is our time to win this war against cyberthreats in the industry and we commit to work together with experts to secure our industry," he said. Co-Founder Neeraj Khandelwal also said the total amount lost was $44 million. "Coindcx Treasury will be bearing these losses. Our first and foremost objective throughout the day has been to first secure assets," he said. Portfolio APIs jammed Due to the breach and the subsequent security protocols, users flagged issues like unable to load portfolios on CoinDCX. In response, Khandelwal said it was because of excessive load on the platform and more server capacity was being provisioned. Later, Khandelwal said that portfolios are back up. "We have significantly enhanced the server capacity to serve users," he said. WazirX cyber breach incident On July 18, 2024, WazirX suffered a massive cyberattack on one of its multisignature wallets, resulting in the theft of approximately $230–235 million in user funds. WazirX immediately halted deposits and withdrawals, reversed all trades conducted after 1 pm on July 18, and restored balances to their pre-hack state. The exchange then proposed a controversial socialised loss strategy: users would recover 55 per cent of their crypto holdings for trading or withdrawal, while 45 per cent would be locked in USDT-equivalent tokens. WazirX reported the breach to CERT-In, Financial Intelligence Unit (FIU) India, and Indian law enforcement, and offered bounty programmes, though recovery was expected to be challenging. Investigations attributed the hack to the notorious North Korean Lazarus Group.
