Is Lazarus Group Behind India’s $44M CoinDCX Heist? Cyvers Report Says Yes

by Adrian Russell


On 19 July 2025, major Indian cryptocurrency exchange CoinDCX suffered a security breach resulting in the theft of approximately $44.2 million in USDC and USDT. Despite the hack, CEO Sumit Gupta took to X on 22 July 2025 to say that “CoinDCX remains financially strong, fully operational, and firmly committed to building for the long term. For us, it’s business as usual.”

“We have processed 100%, I repeat, one hundred percent of INR withdrawal requests on the platform,” Gupta insisted. 

Now, it has come to light that the hack could possibly be attributed to the North Korean Lazarus Group, an internationally notorious, state-owned cybercrime syndicate known for targeting crypto platforms.

Cybersecurity firm Cyvers reported that the theft was executed within just five minutes and involved seven high-speed transactions. The hackers showed cross-chain expertise to exploit operational wallets on the Solana blockchain.


Heist Resembled WazirX Hack

Citing similarities between the $44 million CoinDCX hack and the $230 million WazirX hack, the Cyvers report said that these attacks, often involving Lazarus Group, exploit exchange infrastructure, bypass traditional monitoring, and move assets across chains faster than manual detection can react.

“Both were detected by Cyvers, and our analysis suggests this latest attack bears the hallmarks of North Korea’s Lazarus Group, one of the most aggressive state-sponsored hacker syndicates targeting centralized exchanges,” the Cyvers report stated. 

Cyvers’ experts stressed that there is a similar modus operandi and timing between the CoinDCX and WazirX hacks. According to them, it is a warning to the broader crypto industry, particularly India.
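As an added illustration (not code from Cyvers or CoinDCX), the sliding-window check below applies automated limits to outflows from an operational wallet, so that a burst like the seven-transaction, five-minute pattern described above is flagged on its first transfer instead of waiting on manual review. The wallet names, thresholds and amounts are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    ts: int      # unix seconds
    src: str     # monitored operational wallet (hypothetical name)
    dst: str
    usd: float

def detect(transfers, allowlist, window_s=300, max_count=3,
           max_window_usd=2_000_000, max_new_dst_usd=100_000):
    """Return (transfer, reasons) for each outflow that breaks a policy limit."""
    windows, alerts = {}, []
    for t in sorted(transfers, key=lambda x: x.ts):
        q = windows.setdefault(t.src, deque())
        q.append(t)
        while t.ts - q[0].ts > window_s:   # drop events older than the window
            q.popleft()
        reasons = []
        if t.dst not in allowlist and t.usd > max_new_dst_usd:
            reasons.append("large transfer to unlisted destination")
        if len(q) > max_count:
            reasons.append(f"{len(q)} transfers in {window_s}s")
        if sum(x.usd for x in q) > max_window_usd:
            reasons.append("window value limit exceeded")
        if reasons:
            alerts.append((t, reasons))
    return alerts

# Constructed sample data: routine hourly liquidity top-ups to an allowlisted
# partner address, then seven outflows to unseen addresses within five minutes.
ALLOW = {"partner_exchange_deposit"}
ROUTINE = [Transfer(h * 3600, "ops_wallet", "partner_exchange_deposit", 250_000.0)
           for h in range(4)]
BURST = [Transfer(20_000 + i * 40, "ops_wallet", f"unseen_{i}", 6_000_000.0)
         for i in range(7)]

if __name__ == "__main__":
    for t, reasons in detect(ROUTINE + BURST, ALLOW):
        print(t.ts, t.dst, "; ".join(reasons))
```

In a real deployment an alert of this kind would feed an automatic hold or a signing-policy check on the wallet, since an alert that only reaches a human queue is still bounded by manual reaction time.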


CoinDCX Suffers $44.2M Security Breach; Customer Funds Confirmed Safe

CoinDCX lost over $44 million in USDC and USDT from an internal operational wallet. Crucially, this wallet was separate from the exchange’s reserves, ensuring that user funds, often verified through proof-of-reserves, were unaffected.

The breach was first detected by ZachXBT and Cyvers Alerts on X. The report revealed unauthorized transfers from the exchange, raising concerns about the vulnerabilities of centralized exchanges. Analysts noted that the breach targeted an internal wallet used for liquidity provision on a partner exchange.

As mentioned, this wallet was separate from CoinDCX’s published proof-of-reserves. The attacker initiated the exploit using 1 ETH, sending funds to Tornado Cash, a crypto mixer.

Subsequently, the hacker executed multiple transactions to obscure the original transfer, converting stolen funds to ETH and SOL before bridging them across different blockchains. By dispersing funds across multiple intermediary wallets, the hacker aimed to complicate tracing efforts.


Key Takeaways

  • North Korea’s Lazarus Group is behind CoinDCX’s security breach that resulted in the theft of approximately $44.2 million in USDC and USDT. 

  • Cybersecurity firm Cyvers reported that the theft was executed within just five minutes. It involved seven high-speed transactions. 

 

The post Is Lazarus Group Behind India’s $44M CoinDCX Heist? Cyvers Report Says Yes appeared first on 99Bitcoins.




