Lazarus Group Behind $44M CoinDCX Heist, Experts Find Same Exploit Pattern as WazirX

The July 19 heist on Indian crypto exchange CoinDCX, compromising $44 million, is reportedly linked to the infamous North Korean Lazarus Group.

According to cybersecurity experts from Cyvers, the incident follows the same exploit pattern as WazirX. Surprisingly, WazirX’s security breach occurred on the same date last year, resulting in a loss of $234 million through a series of suspicious transactions.

CoinDCX later confirmed the hack on its operational wallet, assuring that user funds remain unaffected.

Hackers Only Took 5 Min to Siphon Funds – Analysis

The cybersecurity team emphasised that the speed, precision, and cross-chain sophistication of this breach made it “alarming.”

The North Korean hacker group carefully planned a pre-attack setup from July 16, conducting a “test transaction” on 1 USDT.

“In just five minutes, 44 million USDT is siphoned out in rapid-fire bursts,” the analysts wrote, citing 7 separate transactions.

Hackers stole around $44.2M in USDC/USDT from one of the exchange’s operational wallets on Solana, Cyvers added.

Further, the Cyvers team stressed that the attacks on two distinct Indian crypto exchanges, WazirX and CoinDCX, “aren’t coincidences,” but “warnings.”

“If Lazarus is accelerating its focus on India’s largest exchanges, preemptive threat prevention isn’t optional,” cybersecurity experts noted. “It’s the only line of defense.”

CoinDCX Announces Recovery Bounty Program

The exchange has announced a recovery bounty program, where up to 25% of any recovered funds will be awarded to individuals or teams that help trace and retrieve the stolen crypto.

CoinDCX CEO Sumit Gupta took to X, stressing the need to identify and catch the attackers, more than recovering the stolen funds.

Announcing the @CoinDCX Recovery Bounty Program: Up to 25% of any recovered funds will be awarded to individuals or teams who can help trace and retrieve the stolen crypto.

Just to give more context:
-> We want to be upfront. The exposure was from our own reserves, and we have… https://t.co/GHHlxf3PxB

— Sumit Gupta (CoinDCX) (@smtgpt) July 21, 2025

“Because such things shouldn’t happen again, not with us, not with anyone in the industry,” he wrote. “We will fight this and ensure that the Indian crypto community comes out of this stronger.”

Per the announcement, depending on the success of the assets recovery, the bounty could amount to as much as $11 million.