A cyberattack on the Indian cryptocurrency exchange CoinDCX, which resulted in a $44.2 million loss, has been linked to North Korea's Lazarus Group, according to CryptoSlate, citing Cyvers CEO Deddy Lavid.
The expert noted that the perpetrators operated in a manner very similar to previous operations by North Korean hackers. A distinctive feature of their tactics is the use of the crypto mixer Tornado Cash and cross-chain bridges to obscure the movement of funds.
On July 19, CoinDCX reported a compromise of an internal account used to provide liquidity on a third-party platform.
Lavid suggested that the attackers gained backend access through exposed API keys, misconfigurations, or credential permission vulnerabilities. Once inside the system, they used legitimate account privileges to transfer assets from Solana to Ethereum and then laundered the funds through Tornado Cash.
The sophistication of the attack and the deep understanding of liquidity provision mechanisms on centralized crypto platforms are also characteristic signs of experienced and well-coordinated cybercriminals, Lavid believes.
CoinDCX co-founder Sumit Gupta confirmed that user assets were not affected in the breach. The company has already covered the entire loss from its own funds.
The exchange announced a bounty program, offering a reward of 25% of any recovered amounts. The team seeks assistance not only in tracking assets but also in identifying those responsible for the attack.
Announcing the @CoinDCX Recovery Bounty Program: Up to 25% of any recovered funds will be awarded to individuals or teams who can help trace and retrieve the stolen crypto.
Just to give more context:
-> We want to be upfront. The exposure was from our own reserves, and we have… https://t.co/GHHlxf3PxB
— Sumit Gupta (CoinDCX) (@smtgpt), July 21, 2025
“For us, it is more important not just to recover the stolen funds but also to identify and catch the perpetrators, because such things should not happen again to us or anyone else in this industry,” Gupta emphasized.
Back in February, the largest hack of the Bybit exchange, amounting to ~$1.5 billion, was also attributed to Lazarus. The FBI confirmed the experts' conclusions.
