Solana News Today: North Korea's Lazarus Group Steals $44.2M from CoinDCX Without Touching User Wallets

Generated by AI Agent, Coin World
Thursday, Jul 24, 2025 10:56 am ET
Summary

- North Korea's Lazarus Group stole $44.2M from India's CoinDCX via a compromised liquidity account, bypassing user wallets through cross-chain transfers and Tornado Cash.

- Attackers drained $40M in USDT from a Solana wallet, splitting funds into smaller chunks before consolidating into two wallets, with detection delayed 17 hours.

- CoinDCX CEO Sumit Gupta emphasized user asset security via segregated wallets but faced criticism for delayed disclosure, while launching an $11M bounty for fund recovery.

- The breach highlights crypto exchange vulnerabilities, with Lazarus Group linked to $1.6B in 2025 losses, underscoring the need for compartmentalized infrastructure and rapid response protocols.

India’s largest cryptocurrency exchange, CoinDCX, became the target of a $44.2 million heist on July 19, 2025, in an attack that bypassed user wallets by compromising an operational liquidity account [1]. The breach, attributed to North Korea’s state-sponsored Lazarus Group, exploited a vulnerability in the exchange’s backend infrastructure, allowing attackers to siphon funds through cross-chain transfers and crypto mixers like Tornado Cash. Despite the theft, customer assets remained secure due to CoinDCX’s segregated security architecture, a fact emphasized by CEO Sumit Gupta in a public statement on X [1].

The attack unfolded with meticulous coordination. Between July 16 and 19, the hackers conducted a "dry run" with a 1 USDT test transaction, signaling a premeditated operation. Using a compromised liquidity account, they drained a Solana wallet of $40 million in USDT within minutes. Funds were swiftly routed through swap aggregators and the Wormhole bridge, split into smaller chunks of 1,000–4,000 SOL, and then consolidated into two wallets: one holding 155,830 SOL (~$27.6 million) and another containing 4,443 ETH (~$15.7 million). The use of Tornado Cash and cross-chain bridging obscured the trail, delaying detection for 17 hours until blockchain sleuth ZachXBT flagged the activity on Telegram [1].
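The sequence described above, a tiny outbound "dry run" days before a large drain, followed by a burst of outbound transfers within minutes, is exactly the kind of pattern an exchange's own monitoring of a hot liquidity account can alert on long before an outside observer does. The following Python is an added example written for this page, not code from CoinDCX or from the Cointelegraph source; the ledger entries, the account label "liq-hot-1", the thresholds and the timestamps are all constructed assumptions chosen to mirror the reported pattern.

```python
"""Two detection heuristics for an exchange liquidity account.

Added example, not CoinDCX's or Cointelegraph's code. The ledger below is
constructed: the amounts, timestamps and account label are invented.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    account: str      # internal label of the account, e.g. a hot liquidity wallet
    asset: str
    amount: float
    direction: str    # "out" (leaves the account) or "in"


# Constructed sample ledger for a hypothetical liquidity account "liq-hot-1".
SAMPLE_LEDGER: List[Transfer] = [
    Transfer(datetime(2025, 7, 16, 9, 0),  "liq-hot-1", "USDT", 1.0,          "out"),  # tiny probe
    Transfer(datetime(2025, 7, 17, 11, 0), "liq-hot-1", "USDT", 50_000.0,     "in"),   # routine top-up
    Transfer(datetime(2025, 7, 17, 14, 0), "liq-hot-1", "USDT", 20_000.0,     "out"),  # routine outflow
    Transfer(datetime(2025, 7, 19, 3, 10), "liq-hot-1", "USDT", 15_000_000.0, "out"),  # drain, part 1
    Transfer(datetime(2025, 7, 19, 3, 12), "liq-hot-1", "USDT", 25_000_000.0, "out"),  # drain, part 2
]


def _outbound(transfers: List[Transfer], account: str) -> List[Transfer]:
    """Outbound transfers of one account, oldest first."""
    return sorted(
        (t for t in transfers if t.account == account and t.direction == "out"),
        key=lambda t: t.ts,
    )


def detect_dry_run_then_drain(
    transfers: List[Transfer],
    account: str,
    test_max: float = 10.0,
    drain_min: float = 1_000_000.0,
    window: timedelta = timedelta(days=4),
) -> List[Tuple[Transfer, Transfer]]:
    """Pair each tiny outbound transfer (<= test_max) with the first large
    outbound transfer (>= drain_min) that follows it within `window`.
    A tiny probe on its own is noise; a probe followed by a drain is the signal."""
    outs = _outbound(transfers, account)
    alerts: List[Tuple[Transfer, Transfer]] = []
    for i, probe in enumerate(outs):
        if probe.amount > test_max:
            continue
        for later in outs[i + 1:]:
            if later.ts - probe.ts > window:
                break
            if later.amount >= drain_min:
                alerts.append((probe, later))
                break
    return alerts


def first_velocity_breach(
    transfers: List[Transfer],
    account: str,
    limit: float,
    window: timedelta = timedelta(minutes=10),
) -> Optional[Tuple[datetime, float]]:
    """Sliding-window sum of outbound volume. Returns (timestamp, total) at the
    first moment the volume leaving the account within `window` exceeds `limit`,
    or None if the limit is never exceeded."""
    outs = _outbound(transfers, account)
    total = 0.0
    start = 0
    for t in outs:
        total += t.amount
        # Drop transfers that have slid out of the trailing window.
        while outs[start].ts < t.ts - window:
            total -= outs[start].amount
            start += 1
        if total > limit:
            return t.ts, total
    return None


if __name__ == "__main__":
    for probe, drain in detect_dry_run_then_drain(SAMPLE_LEDGER, "liq-hot-1"):
        print(f"probe {probe.amount} {probe.asset} at {probe.ts} "
              f"-> drain {drain.amount:,.0f} {drain.asset} at {drain.ts}")
    print("velocity breach:", first_velocity_breach(SAMPLE_LEDGER, "liq-hot-1", limit=5_000_000.0))
```

Both rules are deliberately simple so that they can run inside the exchange's own ledger pipeline in near real time; the point is that the probe-then-drain pairing and the per-window outflow cap are signals the account owner can see immediately, whereas on-chain tracing after bridging and mixing is slow by design.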

CoinDCX’s delayed disclosure sparked criticism from the crypto community, with detractors questioning its transparency despite the platform’s public emphasis on accountability. The company attributed the delay to the complexity of tracing the breach and confirmed that the compromised account had limited operational privileges but no access to user funds. Cybersecurity expert Deddy Lavid noted that the attackers likely exploited exposed credentials to bypass backend defenses, though the exact vector remains undisclosed [1].

In response, CoinDCX launched a bounty program offering up to 25% of any recovered assets, potentially reaching $11 million. Gupta emphasized that the initiative aims to incentivize researchers and white hat hackers to trace the stolen funds, while reiterating the platform’s financial stability and commitment to long-term operations. Cold storage of customer assets, he stated, ensured no direct impact on users [1].

The incident underscores broader vulnerabilities in crypto exchange security. Over $2.17 billion was stolen in the first half of 2025 alone, with Lazarus Group linked to $1.6 billion of these losses. Analysts highlight the group’s advanced tactics, including cross-chain bridging and mixer exploitation, as a growing threat. CoinDCX’s segregated wallet system and cold storage practices, however, serve as a case study in mitigating damage, even as breaches become more frequent [1].

Recovery prospects remain bleak, with less than 8% of stolen funds recovered in the first half of 2025. The CoinDCX hack reinforces the industry’s need for robust security protocols, including compartmentalized infrastructure and rapid incident response. As exchanges face increasingly sophisticated attacks, the focus must shift from preventing breaches entirely to minimizing their impact through layered defenses and transparent communication [1].

Source: [1] "How hackers stole $44M from CoinDCX without touching user wallets", Cointelegraph, https://cointelegraph.com/explained/how-hackers-stole-44m-from-coindcx-without-touching-user-wallets?utm_source=rss_feed&utm_medium=rss&utm_campaign=rss_partner_inbound