On 19 July 2025, major Indian cryptocurrency exchange CoinDCX suffered a security breach resulting in the theft of approximately $44.2 million in USDC and USDT. Despite the hack, CEO Sumit Gupta took to X on 22 July 2025 to say that “CoinDCX remains financially strong, fully operational, and firmly committed to building for the long term. For us, it’s business as usual.”
“We have processed 100%, I repeat, one hundred percent of INR withdrawal requests on the platform,” Gupta insisted.
Now, it has come to light that the hack could possibly be attributed to the North Korean Lazarus Group – an internationally notorious, state-owned cybercrime syndicate known for targeting crypto platforms.
Cybersecurity firm Cyvers reported that the theft was executed within just five minutes and involved seven high-speed transactions. The hackers showed cross-chain expertise to exploit operational wallets on the Solana blockchain.
Citing similarities between the $44 million CoinDCX hack and the $230 million WazirX hack, the Cyvers report said that these attacks, often involving Lazarus Group, exploit exchange infrastructure, bypass traditional monitoring, and move assets across chains faster than manual detection can react.
“Both were detected by Cyvers, and our analysis suggests this latest attack bears the hallmarks of North Korea’s Lazarus Group, one of the most aggressive state-sponsored hacker syndicates targeting centralized exchanges,” the Cyvers report stated.
Cyvers’ experts stressed that there is a similar modus operandi and timing between the CoinDCX and WazirX hacks. According to them, it is a warning to the broader crypto industry, particularly India.
CoinDCX lost over $44 million in USDC and USDT from an internal operational wallet. Crucially, this wallet was separate from the exchange’s reserves, ensuring that user funds, often verified through proof-of-reserves, were unaffected.
The breach was first detected by ZachXBT and Cyvers Alerts on X. The report revealed unauthorized transfers from the exchange, raising concerns about the vulnerabilities of centralized exchanges. Analysts noted that the breach targeted an internal wallet used for liquidity provision on a partner exchange.
As mentioned, this wallet was separate from CoinDCX’s published proof-of-reserves. The attacker initiated the exploit using 1 ETH, sending funds to Tornado Cash, a crypto mixer.
Subsequently, the hacker executed multiple transactions to obscure the original transfer, converting stolen funds to ETH before bridging them across different blockchains. By dispersing funds across multiple intermediary wallets, the hacker aimed to complicate tracing efforts.
The post Is Lazarus Group Behind India’s $44M CoinDCX Heist? Cyvers Report Says Yes appeared first on 99Bitcoins.