Lazarus Group linked to $44M CoinDCX heist, mirroring WazirX Exploit

The Lazarus Group, a North Korean state-sponsored hacking collective, is believed to be behind the recent $44 million CoinDCX heist.

The infamous North Korean Lazarus Group is purportedly responsible for the July 19 robbery on the Indian crypto exchange CoinDCX, which resulted in the theft of $44 million.

The incident adheres to the same exploit pattern as WazirX, as per cybersecurity experts from Cyvers. Surprisingly, WazirX’s security breach occurred on the same date last year, resulting in a loss of $234 million due to a succession of suspicious transactions.

Subsequently, CoinDCX verified that its operational wallet had been compromised, guaranteeing that user funds would not be compromised.

Analysis: Hackers Only Needed Five Minutes to Extract Funds

The cybersecurity team emphasized that this compromise’s speed, precision, and cross-chain sophistication were “alarming.”

The North Korean cyber group meticulously devised a pre-attack setup on July 16, which involved conducting a “test transaction” of 1 USDT.

The analysts cited seven distinct transactions in their report, which stated that 44 million USDT was siphoned out in rapid-fire bursts in just five minutes.

Cyvers also stated that hackers seized approximately $44.2M in USDC/USDT from one of the exchange’s operational wallets on Solana.

Furthermore, the Cyvers team emphasized that the attacks on two distinct Indian crypto exchanges, WazirX and CoinDCX, are “warnings” rather than “coincidences.”

“Preemptive threat prevention is essential if Lazarus is intensifying its focus on India’s largest exchanges,” cybersecurity experts observed. “It is the sole line of defense.”

CoinDCX has announced the Recovery Bounty Program

The exchange has announced the recovery bounty program. Individuals or teams that assist in tracing and retrieving stolen crypto will receive up to 25% of any recovered funds.

CoinDCX CEO Sumit Gupta addressed X, emphasizing the importance of identifying and apprehending the assailants over recovering the stolen funds.

Announcing the @CoinDCX Recovery Bounty Program: Up to 25% of any recovered funds will be awarded to individuals or teams who can help trace and retrieve the stolen crypto.

Just to give more context:
-> We want to be upfront. The exposure was from our own reserves, and we have… https://t.co/GHHlxf3PxB

— Sumit Gupta (CoinDCX) (@smtgpt) July 21, 2025

“He wrote, ‘Because such things should never happen again, not with us, not with anyone in the industry.'” “We will resist this and guarantee that the Indian crypto community emerges from this situation with greater strength.”

According to the announcement, the bounty could reach as much as $11 million, contingent upon the accomplishment of the asset recovery.