North Korean Hackers Steal $44.2 Million from CoinDCX in July 2025

Generated by AI Agent Coin World
Tuesday, Jul 22, 2025 12:51 am ET
Aime Summary

- North Korean hackers from Lazarus stole $44.2M from Indian exchange CoinDCX on July 19, 2025, mirroring WazirX's 2024 attack pattern.

- The breach exploited Solana-based operational wallets, siphoning $44M in 5 minutes via precise cross-chain transactions starting July 16.

- CoinDCX confirmed user funds remained safe but launched a 25% bounty program for recovery, with CEO Sumit Gupta stressing urgent threat prevention.

- Cybersecurity experts warn Lazarus' targeted attacks on India's major exchanges highlight systemic vulnerabilities requiring preemptive defenses.

On July 19, 2025, the Indian cryptocurrency exchange CoinDCX experienced a significant security breach, resulting in the theft of $44 million. Cybersecurity experts have identified the North Korean hacker group Lazarus as the perpetrator behind this heist. The incident is particularly alarming due to its similarity to a previous exploit pattern used in the WazirX hack, which occurred on the same date in the previous year and resulted in a loss of $234 million.

CoinDCX confirmed the hack on its operational wallet, reassuring users that their funds remain unaffected. The cybersecurity team from Cyvers highlighted the speed, precision, and cross-chain sophistication of the breach, noting that the hackers executed a meticulous pre-attack setup starting from July 16. This included a "test transaction" of 1, followed by a rapid-fire series of transactions that siphoned off $44 million in just five minutes. The stolen funds, amounting to approximately $44.2 million in USDC/USDT, were taken from one of the exchange’s operational wallets on .

Cyvers emphasized that the attacks on WazirX and CoinDCX are not coincidental but serve as warnings. The experts suggest that if Lazarus is intensifying its focus on India’s largest exchanges, preemptive threat prevention is not optional but the only line of defense. The exchange has responded by announcing a recovery bounty program, offering up to 25% of any recovered funds to individuals or teams that help trace and retrieve the stolen cryptocurrency. CoinDCX CEO Sumit Gupta underscored the importance of identifying and catching the attackers, stating that such incidents should not recur within the industry. The bounty program could potentially amount to as much as $11 million, depending on the success of the asset recovery efforts.