August 1, 2025

Is the Lazarus Group Responsible for India’s $44M CoinDCX Theft? Cyvers Report Affirms Yes

Jul 22, 2025

On July 19, 2025, the prominent Indian cryptocurrency exchange CoinDCX experienced a security incident that led to the loss of about $44.2 million in USDC and USDT. Following the breach, CEO Sumit Gupta addressed the situation on X on July 22, 2025, stating that “CoinDCX is in a strong financial position, fully operational, and dedicated to its long-term vision. For us, it’s business as usual.”

“We have completed 100%, I emphasize, one hundred percent of INR withdrawal requests on our network,” Gupta asserted.

Emerging information suggests that the breach may be linked to the North Korean Lazarus Group, a globally infamous, state-sponsored cybercrime organization recognized for its attacks on cryptocurrency exchanges.

According to cybersecurity firm Cyvers, the heist was accomplished in just five minutes through seven rapid transactions. The hackers demonstrated cross-chain skills to target operational wallets on the Solana blockchain.


Heist Resembled WazirX Exploit

The Cyvers report identified parallels between the $44 million CoinDCX breach and the $230 million WazirX incident, noting that such attacks often involve Lazarus Group and exploit vulnerabilities in trading platform systems. Additionally, they circumvent standard monitoring and transfer assets across chains faster than manual detection systems can respond.

“Both incidents were detected by Cyvers, and our analysis indicates that this recent attack shares the characteristics of North Korea’s Lazarus Group, known to be one of the most aggressive state-sponsored hacker outfits targeting centralized exchanges,” the report from Cyvers mentioned. 

Experts from Cyvers highlighted the similarities in approach and timing between the breaches at CoinDCX and WazirX. They believe this serves as a warning to the entire cryptocurrency sector, especially in India.


CoinDCX Suffers $44.2M Security Breach; Customer Funds Confirmed Safe

CoinDCX lost more than $44 million in USDC and USDT from an internal operational wallet. Importantly, this wallet was distinct from the exchange’s reserves, safeguarding user funds, which were often validated through proof-of-reserves.

The breach was first identified by ZachXBT and Cyvers Alerts on X. The findings highlighted unauthorized transfers from the platform, raising alarms about security weaknesses in centralized exchanges. Analysts indicated that the breach specifically targeted an internal wallet used for providing liquidity on a partner exchange.

As previously noted, this wallet was separate from CoinDCX’s disclosed proof-of-reserves. The perpetrator commenced the hack using 1 ETH, transferring funds to Tornado Cash, a crypto mixer.

Following this, the attacker executed various transactions to hide the original transfer, converting the stolen assets into ETH and SOL before bridging them through different blockchains. By spreading the assets across multiple intermediary wallets, the hacker sought to complicate any tracing efforts.


Key Takeaways

  • The CoinDCX security breach that led to the theft of around $44.2 million in USDC and USDT is attributed to North Korea’s Lazarus Group. 

  • According to Cyvers, the theft was carried out within a mere five minutes, involving seven rapid transactions. 

 

The post Is Lazarus Group Behind India’s $44M CoinDCX Heist? Cyvers Report Says Yes appeared first on 99Bitcoins.
