Lavid further noted that the centralized exchange exploit and precise understanding of liquidity provisioning strongly indicate the involvement of an experienced and highly coordinated threat actor.
He added:
“Although the compromised account was segregated from user wallets, its operational privileges were sufficient to execute large-scale fund movements without triggering immediate alarms.”
In response to the attack, CoinDCX launched a bounty program on July 21, offering up to 25% of any recovered funds as a reward. Depending on the success of recovery efforts, the reward could amount to as much as $11 million.
“More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again, not with us, not with anyone in the industry.”
Meanwhile, Gupta also emphasized that the company was covering the loss through its corporate treasury and reiterated that user funds were unaffected.
