BREAKING: Lazarus Group Allegedly Siphons $44M from India’s CoinDCX—Cyvers Report Confirms
Another day, another crypto heist—except this one's got North Korea's fingerprints all over it. Cybersecurity firm Cyvers just dropped a bombshell report linking the infamous Lazarus Group to India's $44 million CoinDCX exploit. Here's the breakdown.
The Digital Heist Playbook
No sophisticated zero-days here—just old-school social engineering meets blockchain's immutable ledger. Lazarus allegedly bypassed CoinDCX's defenses like a hot knife through institutional-grade butter. (Pro tip: Your 'multi-sig vault' isn't foolproof when humans are involved.)
The Aftermath
While CoinDCX scrambles to plug leaks, traders are left holding the bag—again. The $44 million vanish act marks 2025's third major exchange breach before Q3 even ends. Maybe time to revisit that 'not your keys, not your coins' mantra?
The Bigger Picture
Lazarus' alleged involvement suggests state-sponsored actors are doubling down on crypto liquidity raids. Meanwhile, regulators keep debating KYC rules while hackers cash out to Tornado. Stay paranoid out there.

— Cryptonews.com (@cryptonews) July 22, 2025
Heist Resembled WazirX Hack
Citing similarities between the $44 million CoinDCX hack and the $230 million WazirX hack, the Cyvers report said that these attacks, often involving Lazarus Group, exploit exchange infrastructure. Furthermore, they bypass traditional monitoring and move assets across chains faster than manual detection can react.
“Both were detected by Cyvers, and our analysis suggests this latest attack bears the hallmarks of North Korea’s Lazarus Group, one of the most aggressive state-sponsored hacker syndicates targeting centralized exchanges,” the Cyvers report stated.
Cyvers’ experts stressed that there is a similar modus operandi and timing between the CoinDCX and WazirX hacks. According to them, it is a warning to the broader crypto industry, particularly India.
CoinDCX Suffers $44.2M Security Breach; Customer Funds Confirmed Safe
CoinDCX lost over $44 million in USDC and USDT from an internal operational wallet. Crucially, this wallet was separate from the exchange’s reserves, ensuring that user funds, often verified through proof-of-reserves, were unaffected.
The breach was first detected by ZachXBT and Cyvers Alerts on X. The report revealed unauthorized transfers from the exchange, raising concerns about the vulnerabilities of centralized exchanges. Analysts noted that the breach targeted an internal wallet used for liquidity provision on a partner exchange.
As mentioned, this wallet was separate from CoinDCX’s published proof-of-reserves. The attacker initiated the exploit using 1 ETH, sending funds to Tornado Cash, a crypto mixer.
Our system has detected a hack into @CoinDCX centralized exchange 20 hours ago.
Here's what we know:
– The hacker stole around $44.2M in USDC/USDT from one of the exchange's operational wallets on Solana.
– The hacker funded the hack with 1 ETH from Tornado Cash.
– Part of the… pic.twitter.com/5PLliaZ6m4
— Cyvers Alerts (@CyversAlerts) July 19, 2025
Subsequently, the hacker executed multiple transactions to obscure the original transfer, converting stolen funds to ETH and SOL before bridging them across different blockchains. By dispersing funds across multiple intermediary wallets, the hacker aimed to complicate tracing efforts.
Key Takeaways
- North Korea’s Lazarus Group is behind CoinDCX’s security breach that resulted in the theft of approximately $44.2 million in USDC and USDT.
- Cybersecurity firm Cyvers reported that the theft was executed within just five minutes. It involved seven high-speed transactions.