Indian cryptocurrency exchange CoinDCX announced a recovery effort after falling victim to a $44 million exploit on Friday, with the firm pledging a bounty for ethical hackers who help retrieve the stolen funds.
CoinDCX’s internal accounts used for “liquidity provision” were exploited on Friday, leading to the theft of $44 million worth of cryptocurrency, while user funds remained unaffected.
In an effort to recover the stolen funds, CoinDCX CEO Sumit Gupta announced a new recovery bounty program that offers white hat hackers up to 25% of any recovered funds they can help trace and retrieve.
“The exposure was from our own reserves, and we have already absorbed it through our corporate treasury,” said Gupta in a Monday X post, adding:
“More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again, not with us, not with anyone in the industry.”
The hack “doesn’t impact any of our customers and the platform continues to run as normal,” he added.
The CoinDCX hack occurred a year after an unknown hacker stole over $230 million from WazirX, also an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024.
Still, these hacks pale in comparison to the more than $1.4 billion exploit suffered by the Bybit exchange on Feb. 21, the largest crypto theft in history.
CoinDCX hack marks new wave of crypto exchange exploits
The CoinDCX hack is part of a renewed wave of exploits on centralized cryptocurrency exchanges, according to Michael Pearl, vice president of GTM strategy at blockchain security firm Cyvers.
The recent exchange hacks serve as “stark reminders that centralized platforms remain prime targets for sophisticated access control attacks,” Pearl told Cointelegraph, adding:
“In Q2 2024 alone, over 65% of losses in Web3 originated from CEX-related incidents, with nearly $500 million lost due to wallet access breaches.”
“These are not isolated events, they’re systemic weaknesses,” Pearl said, adding that the Cyvers team “urges exchanges to rethink their security posture” and move to preemptive solutions such as real-time wallet monitoring.
Preemptive solutions, including offchain transaction validation, could prevent 99% of crypto hacks and scams by simulating and validating blockchain transactions in an offchain environment before mainnet execution, Pearl said.