CoinDCX After $44 Million Hack: Fixing System Vulnerabilities, Launching Bug Bounty Program, and Strengthening Cybersecurity Measures to Protect Users

Indian cryptocurrency exchange CoinDCX has suffered a cyberattack that resulted in the theft of $44.2 million 2 5 . The incident occurred on July 19, 2025, when attackers gained access to an internal CoinDCX account designed to manage liquidity on a third-party platform 6 8 .

Circumstances of the hack and the exchange’s reaction:

CoinDCX CEO Sumit Gupta confirmed the hack, noting that only one of the operational wallets 5 6 was affected . According to him, user funds were not affected and remain safe in cold wallets 5 6 7 .
CoinDCX quickly isolated the compromised account and began working with cybersecurity experts to investigate the incident and strengthen its infrastructure 5 7 . The exchange also notified the National Cyber Incident Response Team 7 .
The damage will be fully covered by CoinDCX corporate reserves 5 6 7 .
To recover the stolen funds and identify the perpetrators, CoinDCX has launched a bounty program, offering “white hat hackers” up to 25% of the recovered assets 1 3 4 . This is aimed at incentivizing the community to help with the investigation 3 .
According to CryptoSlate and Cyvers CEO Deddy Lavid, the North Korean group Lazarus Group may have been involved in the CoinDCX attack 2 9 10 . The attackers followed a pattern similar to previous operations by the group, including using the Tornado Cash crypto mixer and cross-chain bridges to hide the movement of funds 2 5 6 .

Comparison with other hacks and general trend:

The CoinDCX hack occurred exactly one year after another Indian exchange, WazirX, was attacked, where around $230-235 million was stolen 1 3 6 8 .
However, both of these incidents pale in comparison to the largest hack in the history of the crypto industry, which took place on the Bybit platform in February 2025, resulting in the theft of more than $1.4 billion 1 3 5 .
Michael Pearl, VP of GTM Strategy at Cyvers, notes that centralized exchanges (CEXs) remain a prime target for sophisticated cyberattacks 1 3 . According to him, in Q2 2024, 65% of Web3 losses were due to CEX incidents, with $500 million lost due to wallet compromises 1 .
Pearl emphasizes the need to rethink security approaches, implement preventative solutions such as real-time transaction monitoring and verify off-chain transactions before they are executed on the main network to prevent fraud 1 .

What Security Measures Does CoinDCX Plan to Take Following This Hack?

Following the hack, Indian cryptocurrency exchange CoinDCX is taking several measures to restore and strengthen its security. One of the main measures is the launch of a bounty program that offers “white hat hackers” up to 25% of the recovered funds for helping to investigate and identify the attackers 5 . In addition, CoinDCX has frozen the affected systems and is working with security experts to investigate the incident and strengthen the infrastructure 7 . The exchange has also notified the National Cyber Incident Response Team 6 .

The company also plans to implement a bounty program for independent security researchers 9 . Cyvers noted that North Korean hackers were able to access the exchange due to security flaws in the system configuration and account protocol vulnerabilities 1 . Thus, CoinDCX will work to eliminate these system vulnerabilities 5 . Michael Pearl, VP of GTM Strategy at Cyvers, emphasizes the need to implement preventative solutions such as real-time transaction monitoring and verification of off-chain transactions before they are executed on the main network to prevent fraud 5 .

What new protocols and security tools does CoinDCX plan to implement?

Following the hack, CoinDCX plans to take a number of security measures. The main ones include:

Launch of a Bug Bounty Program : CoinDCX intends to launch a Bug Bounty program to identify and fix potential security holes 2 . This will allow independent security researchers to report vulnerabilities in exchange for a reward 2 .
Collaboration with cybersecurity experts : The exchange has already engaged third-party cybersecurity firms to investigate the incident, fix the vulnerabilities and trace the stolen funds 2 3 .
Fixing System Vulnerabilities : Cyvers noted that the hack was possible due to “security configuration flaws and account protocol vulnerabilities” 4 . CoinDCX will work to fix these vulnerabilities 2 .
Implementing Preventative Solutions : Michael Pearl, VP of GTM Strategy at Cyvers, recommends implementing preventative solutions such as real-time transaction monitoring and off-chain transaction verification before they are executed on the mainnet to prevent fraud 2 . While this has not been directly confirmed by CoinDCX as a specific planned measure, it is a general recommendation to improve security.
Increased Transparency : CoinDCX CEO Sumit Gupta said the company will provide real-time updates as the incident is investigated to maintain user trust 2 .
Crypto Investor Protection Fund (CIPF) : CoinDCX has already launched a Crypto Investor Protection Fund (CIPF) with an initial allocation of INR 50 crore (approximately USD 6 million as of August 2024), where it plans to add 2% of brokerage revenue. This fund is intended to compensate users for losses in unexpected security scenarios and is part of the efforts to increase confidence in the Indian crypto ecosystem 5 . The exchange also plans to store customer funds in multiple locations for additional protection 5 .

CoinDCX claims to prioritize security, using a proactive approach to protect systems, prevent abuse of internal mechanisms, minimize human error, and combat data fraud 1 . The exchange is also the first officially registered Indian crypto exchange to be ISO 27001:2022 certified 5 .

What is the role of the vulnerability bounty program?

CoinDCX is launching a bug bounty program that will play a key role in improving the platform’s security following the recent hack 1 .

The role of the rewards program:

Vulnerability Detection and Remediation The program allows independent security researchers, or “white hat hackers,” to find and report potential bugs and security holes in CoinDCX 1 5 9 . This helps the company detect and fix vulnerabilities before they are exploited by attackers 4 .
Community Incentives CoinDCX offers a reward (up to 25% of recovered funds) for assistance in investigating the incident and returning stolen assets 1 . This incentivizes the broader community of security experts to participate in protecting the platform 1 5 .
Supplement to Internal Testing Bug Bounty programs complement the work of in-house cybersecurity teams, especially when large companies have many products and their internal resources may not be sufficient for comprehensive testing 1 .
Building Trust Openly collaborating with the security community through programs like this demonstrates CoinDCX’s commitment to security and transparency, which helps restore user trust following the 1 incident .
Preventing Future Attacks The goal of the program is to help identify attackers and prevent similar attacks in the future, both for CoinDCX and the entire industry 1 .

How the company plans to improve its response to security incidents

CoinDCX plans to improve its response to security incidents by engaging independent experts and implementing preventative solutions.

Key measures to improve response:

Collaboration with cybersecurity experts : The exchange has already hired third-party firms to investigate the incident, fix vulnerabilities and track down the stolen funds 2 .
Bug Bounty Program : Launching a bounty program will allow independent security researchers to find and report potential bugs and holes in the system, which will help the company detect and fix vulnerabilities before they are exploited by attackers 2 . It also incentivizes the expert community to participate in securing the platform 2 .
Fixing System Vulnerabilities : Cyvers indicated that the hack was caused by “security configuration flaws and account protocol vulnerabilities.” CoinDCX will work to fix these system vulnerabilities 2 .
Implementation of preventive solutions : It is recommended to implement solutions such as real-time transaction monitoring and off-chain verification of transactions before they are executed on the main network to prevent fraud 2 .

To effectively respond to information security incidents, companies generally need to have pre-developed scenarios and conduct regular exercises 2 . It is also important:

Risk Assessment : Determining the likelihood of risks in the cybersecurity infrastructure and identifying vulnerabilities 1 .
Identify response team members : Clearly document the roles and responsibilities of each key team member, conduct training and test functions 1 .
Documenting and Prioritizing Incidents : Defining what is considered an incident, who is responsible for activating the response strategy, and setting priorities for promptly handling the threat 1 .
Incident Analysis : Each incident should be carefully analyzed to identify weaknesses and prevent similar situations from recurring in the future 2 7 .

While the response process may vary by organization, it is important to have a response plan that covers internal and external processes and to test it regularly for the most serious types of cyber attacks 6 .

How New IT Solutions Improve the Accuracy of Cyber Threat Mitigation

New IT solutions significantly improve the accuracy of cyber threat mitigation through the use of artificial intelligence (AI), machine learning (ML) and automation, which allows for faster and more effective detection, analysis and response to attacks.

The main mechanisms for increasing accuracy:

Automatic anomaly and threat detection : AI systems model normal user and network behavior to identify unusual activity that may indicate a cyberattack. This reduces the workload of specialists and reduces the number of false positives, allowing you to focus on real incidents 1 5 6 .
Contextual and correlation analysis : AI analyzes multiple factors—timestamps, data sources, activity types—to identify complex and multi-stage attacks, improving threat detection accuracy 6 .
Threat Prediction and Incident Prevention : By processing large amounts of data and identifying patterns, AI helps predict potential attacks and take preventive measures, changing the approach from reactive to proactive 2 5 .
Automate threat response : New IT solutions can not only detect threats, but also automatically block malicious traffic, isolate compromised systems, and quickly remediate vulnerabilities, reducing response times and reducing the risk of human error 1 5 .
Continuous monitoring and adaptive protection : Systems continuously scan infrastructure for vulnerabilities and adapt to the changing threat environment, increasing resilience to new and sophisticated attacks 1 6 .
Reduce false positives and save resources : By training on real-time data and fine-tuning machine learning models, AI minimizes false alarms, making protection more effective and allowing you to focus your efforts on real threats 1 6 .
Integration of various security tools : Modern IT solutions combine the functions of firewalls, intrusion detection systems (IDS/IPS), incident response systems (EDR, XDR), vulnerability management, as well as risk and compliance management (GRC) platforms, providing a comprehensive multi-layered approach 1 4 .

Thus, new IT solutions improve the accuracy of cyber threat mitigation through a combination of intelligent analysis, automation and integration of protection mechanisms, which is critically important in the context of growing and more complex cyber threats 1 2 4 5 6 .

Is CoinDCX Planning to Audit Its Infrastructure After the Hack?

While CoinDCX’s explicit statements do not mention the word “audit,” the actions the exchange is taking following the hack actually amount to a deep analysis and re-evaluation of its security infrastructure .

CoinDCX has confirmed that it is investigating the server hack that led to the theft and has frozen the affected systems 6 . The exchange is collaborating with security experts to contain the incident and strengthen its security measures 1 6 . Specifically, CoinDCX is working with cybersecurity experts from Sygnia, zeroShadow, and Seal911 , as well as the Solana Foundation and Superteam , and the Wormhole and deBridge bridge teams to block and return the stolen funds 2 . This comprehensive collaboration involves a detailed examination of the infrastructure to identify weaknesses.

In addition, the launch of the Bug Bounty program is a direct step towards independent security auditing 1 3 . This program encourages “white hat hackers” and other security experts to identify potential issues, which is effectively an external audit aimed at detecting and fixing vulnerabilities that may have been missed by internal checks 2 7 .

Thus, while CoinDCX does not explicitly use the term “audit,” the steps it has taken to analyze compromised systems , collaborate with external experts , and launch a Bug Bounty indicate that it is conducting a comprehensive review and strengthening its security infrastructure.

What measures to enhance the protection of internal accounts have already been implemented in the platform

There is no specific information in open sources about measures to enhance the protection of internal accounts specifically on the CoinDCX platform. However, based on general security standards for financial organizations and crypto exchanges, we can identify typical measures that are likely being implemented or planned by CoinDCX to protect internal accounts:

Isolation of operational accounts from user wallets – CoinDCX confirmed that the hack affected only one of its internal operational accounts, and user funds are kept separate in cold wallets, significantly reducing the risk of loss for customers 1 6 .
Multi-factor authentication (MFA) is the mandatory use of multiple levels of access verification to internal systems to prevent unauthorized entry.
Strict access control policies – limiting user and administrator rights to only the necessary permissions, monitoring and auditing actions with accounts.
Monitoring and automated anomaly detection – implementing real-time systems that track atypical behavior and instantly signal suspicious transactions.
Use of hardware security and cryptography – storing keys and credentials in secure devices, using modern encryption algorithms for data transmission and storage.
Network and systems segmentation is the division of infrastructure into isolated segments to prevent the spread of an attack if one part is compromised.
Regular internal and external security audits – penetration testing, risk assessment, elimination of identified vulnerabilities.

Such measures are in line with the recommendations of regulators and the practices of large financial institutions 2 3 10 . In the case of CoinDCX, it is already known that after the hack, the company quickly localized the incident, isolating the compromised account, which indicates the implementation of at least some of these security protocols 6 .

Thus, CoinDCX most likely takes a comprehensive approach to protecting internal accounts using multi-layered measures that are designed to prevent unauthorized access and minimize losses in the event of a cyberattack.

Indian cryptocurrency exchange CoinDCX suffered a massive cyberattack in July 2025, during which attackers were able to steal approximately $44.2 million from one of the exchange’s internal operating accounts. The incident was made possible by a number of systemic vulnerabilities related to security settings and account protocols within the platform’s infrastructure, identified by specialists from the cybersecurity services company Cyvers.

The main reason for the hack, as indicated by Cyvers experts, was “gaps in the security configuration system and vulnerabilities in the account protocols.” This means that the access settings and mechanisms for authentication and authorization of users and services on the platform had serious flaws that the attackers successfully exploited to obtain legitimate privileges. They penetrated the system using, probably, open API keys, incorrect permission settings and other technological breaches, which allowed them to control the internal resources of the exchange.

The attack was carried out by the Lazarus Group, a North Korean hacker group known for its sophisticated cyber operations. The attackers used the Tornado Cash crypto mixer and cross-chain bridges to hide the traces of the stolen funds, transferring them first from the Solana blockchain to Ethereum and then laundering them through various protocols.

In response to the incident, CoinDCX was able to quickly localize the attack and isolate the compromised internal account, ensuring that user funds stored in cold wallets remained safe. The exchange’s CEO, Sumit Gupta, stated that all losses will be fully covered from the company’s corporate reserves, and user assets were not affected.

The company nevertheless recognizes the critical importance of addressing the identified system vulnerabilities and aims to improve security comprehensively. Specific steps that CoinDCX is taking include:

deep analysis of all security settings and account protocols to identify and fix gaps;
eliminating technological vulnerabilities in authentication systems, access management and internal audit of API keys and permissions;
launching a reward program (Bug Bounty) to involve external specialists in finding and eliminating weak points;
collaboration with leading cybersecurity experts for auditing and monitoring;
Implementation of modern preventative solutions such as real-time transaction monitoring and off-chain transaction verification to detect suspicious activity.

This incident vividly illustrates the systemic challenges that centralized crypto exchanges face. Vulnerabilities in account protocols and configuration errors can lead to serious financial losses, despite all existing security measures. CoinDCX takes this incident as a lesson and is betting on a rigorous audit of all its systems to improve the platform’s resilience to similar attacks in the future and strengthen user trust.

Thus, fixing systemic vulnerabilities in security settings and account protocols has become a priority for CoinDCX in the context of responding to the cyber attack, reaffirming their commitment to ensuring the security of the entire exchange ecosystem and the Indian crypto market as a whole 1 2 3 6 .