Lazarus Group Blamed for $44M CoinDCX Hack
CoinDCX, one of India’s largest crypto exchanges, has confirmed that the $44 million exploit it suffered was linked to North Korea’s infamous Lazarus Group, according to blockchain security firm Cyvers. The attack, which occurred on July 19, involved unauthorized access to internal accounts used for liquidity provisioning with another platform.
Cyvers CEO Deddy Lavid stated that the group behind the hack exhibited behavior consistent with Lazarus’ past operations, including the use of cross-chain bridges and Tornado Cash to obfuscate the fund trail.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts - used only for liquidity provisioning on a partner exchange - was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
Once the hackers had access to the CoinDCX backend, they reportedly moved assets from Solana to Ethereum, exploiting weaknesses such as exposed API keys, overly permissive credentials, or misconfigured systems. Although the compromised internal account was segregated from user wallets, it still had enough privileges to drain large amounts of funds without triggering security alerts.
Bounty Program Launched to Track Down Hackers
In an aggressive move to fight back, CoinDCX announced a bounty program on July 21, offering up to 25% of any recovered funds, which could total as much as $11 million. CEO Sumit Gupta explained that the bounty is not just about recovery but also about deterring future threats.
Announcing the @CoinDCX Recovery Bounty Program: Up to 25% of any recovered funds will be awarded to individuals or teams who can help trace and retrieve the stolen crypto.
Just to give more context:
-> We want to be upfront. The exposure was from our own reserves, and we have… https://t.co/GHHlxf3PxB
— Sumit Gupta (CoinDCX) (@smtgpt) July 21, 2025
The bounty is open to white-hat hackers, cybersecurity researchers, and blockchain firms, urging them to help trace and retrieve the stolen assets. CoinDCX clarified that user funds were not affected, and that the corporate treasury will absorb the loss.
Lazarus Group’s Continued Crypto Rampage
This latest hack adds to a mounting list of Lazarus-led crypto thefts, with the group reportedly responsible for over $1.6 billion in attacks just in the first half of 2025. They’ve recently been linked to the Bybit hack and several other incidents involving cross-chain laundering and smart contract vulnerabilities.
Lavid noted that the precision of the exploit and the attackers’ deep knowledge of liquidity mechanisms and exchange backend architecture point unmistakably to Lazarus’ trademark style.
CoinDCX’s Response and Industry Implications
The hack has triggered alarm bells across the crypto sector, especially in India, where CoinDCX is a major player. The exchange’s swift and transparent response — including the bounty, public statements, and assurance of user fund safety — could set a new precedent in the region.
The event also raises broader questions about how even major exchanges remain vulnerable to state-sponsored attackers, especially as groups like Lazarus become increasingly sophisticated.
As CoinDCX calls on the broader blockchain community to help fight back, this could mark the start of a more unified global defense against crypto espionage.