North Korean hackers linked to $44M CoinDCX breach
The $44 million exploit targeting India-based crypto exchange CoinDCX has been linked to North Korea’s Lazarus Group, according to blockchain security firm Cyvers.

In a July 21 statement shared with CryptoSlate, Cyvers CEO Deddy Lavid said the attackers followed a pattern reminiscent of previous Lazarus operations. The tactics included using cross-chain bridges and Tornado Cash to conceal fund movements, a hallmark of the notorious hacking group.

North Korea links

Lavid further noted that the centralized exchange exploit and precise understanding of liquidity provisioning strongly indicate the involvement of an experienced and highly coordinated threat actor.

On July 19, the India-based crypto trading platform reported that it had been exploited after attackers gained unauthorized access to internal accounts used for liquidity provisioning with another platform.

Lavid elaborated on the method of attack, suggesting that the hackers likely gained backend access through exposed API keys, system misconfigurations, or overly permissive credentials. Once inside, they used legitimate account permissions to move assets from Solana to Ethereum before laundering the funds through Tornado Cash.

He added:

“Although the compromised account was segregated from user wallets, its operational privileges were sufficient to execute large-scale fund movements without triggering immediate alarms.”
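The attack path described above, exposed or over-permissive credentials on an operational account whose legitimate privileges were enough to move large sums without raising an immediate alarm, is the case for controls that do not depend on authentication alone: a ceiling on how much an account may move per rolling window, and an allow-list of the counterparties it is expected to send to. The following is an added example, not CoinDCX's, Cyvers' or any other party's code, of such a check in Python over a transfer log. The log format, the account name `lp-ops-1`, the policy values and the counterparty address are all constructed assumptions.

```python
"""Velocity and counterparty alerting for an exchange operational (hot) account.

Added example, not CoinDCX's or Cyvers' code. Assumptions (all constructed):
the transfer log is newline-delimited JSON with the fields `ts`, `account`,
`dest_chain`, `dest_addr` and `amount_usd`, sorted by timestamp; each
operational account has a policy with a dollar ceiling per rolling window
and an allow-list of expected destination addresses.
"""
import json
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Policy:
    """Per-account limits: dollar ceiling per rolling window plus the
    counterparty addresses this account is expected to send to."""
    window: timedelta
    max_usd_per_window: float
    allowed_dests: set = field(default_factory=set)


# Constructed policy for a hypothetical liquidity-provisioning account.
POLICIES = {
    "lp-ops-1": Policy(
        window=timedelta(hours=1),
        max_usd_per_window=5_000_000,
        allowed_dests={"sol:COUNTERPARTY_A_PLACEHOLDER"},
    ),
}

# Constructed transfer log. The third record goes to an address that is not
# on the allow-list and pushes the one-hour total above the ceiling.
SAMPLE_LOG = """\
{"ts": "2025-07-19T10:00:00+00:00", "account": "lp-ops-1", "dest_chain": "solana", "dest_addr": "sol:COUNTERPARTY_A_PLACEHOLDER", "amount_usd": 2000000}
{"ts": "2025-07-19T10:20:00+00:00", "account": "lp-ops-1", "dest_chain": "solana", "dest_addr": "sol:COUNTERPARTY_A_PLACEHOLDER", "amount_usd": 1500000}
{"ts": "2025-07-19T10:40:00+00:00", "account": "lp-ops-1", "dest_chain": "ethereum", "dest_addr": "eth:0xUNKNOWN_BRIDGE_PLACEHOLDER", "amount_usd": 3000000}
{"ts": "2025-07-19T11:45:00+00:00", "account": "lp-ops-1", "dest_chain": "solana", "dest_addr": "sol:COUNTERPARTY_A_PLACEHOLDER", "amount_usd": 500000}
"""


def detect(lines, policies):
    """Walk the log once and return a list of alert dicts.

    Two independent checks per transfer, neither of which cares whether the
    caller was authenticated: an unexpected destination address, and the
    rolling-window dollar total exceeding the account's ceiling.
    """
    alerts = []
    recent = defaultdict(deque)   # account -> (ts, amount) still inside the window
    running = defaultdict(float)  # account -> dollar sum of `recent`

    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        ts = datetime.fromisoformat(rec["ts"])
        acct = rec["account"]
        amount = float(rec["amount_usd"])

        policy = policies.get(acct)
        if policy is None:
            # An operational account without limits is itself a finding.
            alerts.append({"kind": "no_policy", "ts": rec["ts"], "account": acct,
                           "detail": "transfer from account with no configured limits"})
            continue

        # Evict transfers that have aged out of the rolling window.
        window = recent[acct]
        while window and ts - window[0][0] > policy.window:
            _, old_amount = window.popleft()
            running[acct] -= old_amount
        window.append((ts, amount))
        running[acct] += amount

        if rec["dest_addr"] not in policy.allowed_dests:
            alerts.append({"kind": "unknown_destination", "ts": rec["ts"], "account": acct,
                           "detail": f"{amount:,.0f} USD to {rec['dest_chain']}:{rec['dest_addr']}"})
        if running[acct] > policy.max_usd_per_window:
            alerts.append({"kind": "velocity", "ts": rec["ts"], "account": acct,
                           "detail": f"{running[acct]:,.0f} USD moved within {policy.window}"})
    return alerts


def run_sample():
    """Run the detector over the constructed log with the constructed policy."""
    return detect(SAMPLE_LOG.splitlines(), POLICIES)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert["ts"], alert["account"], alert["kind"], alert["detail"])
```

Both checks fire on the third record and neither fires on the fourth, because by 11:45 the earlier transfers have aged out of the one-hour window. In practice the ceiling and allow-list would be enforced at the withdrawal-signing step (so a breach blocks the transfer rather than just logging it), and the allow-list change itself would require a second approver, since an attacker holding the account's credentials could otherwise add their own address.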

Meanwhile, the sophistication of the attack bears the hallmark of the North Korea-linked group, which continues to dominate the scene with its incessant attacks on the emerging industry.

Notably, the group stole more than $1.6 billion during the first half of the year and was responsible for the Bybit hack.

Bounty offer

In response to the attack, CoinDCX launched a bounty program on July 21, offering up to 25% of any recovered funds as a reward. Depending on the success of recovery efforts, the reward could amount to as much as $11 million.

CoinDCX CEO Sumit Gupta said the initiative aims to incentivize white-hat hackers, researchers, and blockchain firms to assist in tracking and retrieving the stolen assets. He stated:

“More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again, not with us, not with anyone in the industry.”

Gupta also emphasized that the company was covering the loss from its corporate treasury and reiterated that user funds were unaffected.
