Lazarus Group Behind $44M CoinDCX Heist, Experts Find Same Exploit Pattern as WazirX

Author

Sujha Sundararajan

Author

Sujha Sundararajan

About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Share

Last updated: 

July 22, 2025

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas – from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

The July 19 heist on Indian crypto exchange CoinDCX, compromising $44 million, is reportedly linked to the infamous North Korean Lazarus Group.

According to cybersecurity experts from Cyvers, the incident follows the same exploit pattern as WazirX. Surprisingly, WazirX’s security breach occurred on the same date last year, resulting in a loss of $234 million through a series of suspicious transactions.

CoinDCX later confirmed the hack on its operational wallet, assuring that user funds remain unaffected.

Hackers Only Took 5 Min to Siphon Funds – Analysis

The cybersecurity team emphasised that the speed, precision, and cross-chain sophistication of this breach made it “alarming.”

The North Korean hacker group carefully planned a pre-attack setup from July 16, conducting a “test transaction” on 1 USDT.

“In just five minutes, 44 million USDT is siphoned out in rapid-fire bursts,” the analysts wrote, citing 7 separate transactions.

Hackers stole around $44.2M in USDC/USDT from one of the exchange’s operational wallets on Solana, Cyvers added.

Further, the Cyvers team stressed that the attacks on two distinct Indian crypto exchanges, WazirX and CoinDCX, “aren’t coincidences,” but “warnings.”

“If Lazarus is accelerating its focus on India’s largest exchanges, preemptive threat prevention isn’t optional,” cybersecurity experts noted. “It’s the only line of defense.”

CoinDCX Announces Recovery Bounty Program

The exchange has announced a recovery bounty program, where up to 25% of any recovered funds will be awarded to individuals or teams that help trace and retrieve the stolen crypto.

CoinDCX CEO Sumit Gupta took to X, stressing the need to identify and catch the attackers, more than recovering the stolen funds.

“Because such things shouldn’t happen again, not with us, not with anyone in the industry,” he wrote. “We will fight this and ensure that the Indian crypto community comes out of this stronger.”

Per the announcement, depending on the success of the assets recovery, the bounty could amount to as much as $11 million.