{"id":38121,"date":"2025-07-22T12:16:48","date_gmt":"2025-07-22T12:16:48","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=38121"},"modified":"2025-07-22T12:16:48","modified_gmt":"2025-07-22T12:16:48","slug":"is-lazarus-group-behind-indias-44m-coindcx-heist-cyvers-report-says-yes","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=38121","title":{"rendered":"Is Lazarus Group Behind India\u2019s $44M CoinDCX Heist? Cyvers Report Says Yes"},"content":{"rendered":"<div>\n<p><span style=\"font-weight: 400\">On 19 July 2025, major Indian cryptocurrency exchange CoinDCX suffered a security breach resulting in the theft of approximately $44.2 million in USDC and USDT. Despite the hack, <a href=\"https:\/\/x.com\/smtgpt\/status\/1947600203663741155\" rel=\"nofollow\" target=\"_blank\">CEO Sumit Gupta took to X on 22 July 2025<\/a> to say that \u201c<\/span><span class=\"r-18u37iz\">CoinDCX <\/span>remains financially strong, fully operational, and firmly committed to building for the long term. For us, it\u2019s business as usual.\u201d<\/p>\n<p><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\">\u201cWe have processed 100%, I repeat, one hundred percent<\/span><span class=\"css-1jxf684 r-bcqeeo r-1ttztb7 r-qvutc0 r-poiln3\"> of INR withdrawal requests on the platform,\u201d Gupta insisted.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\">Now, it has come to light that the hack could possibly be attributed to the North Korean Lazarus Group \u2013 an internationally notorious, state-owned, cybercrime syndicate known for targeting crypto platforms.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Cybersecurity firm Cyvers reported that the theft was executed within just five minutes. It involved seven high-speed transactions. The hackers showed cross-chain expertise to exploit operational wallets on the Solana blockchain<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f1ee-1f1f3.png\" alt=\"\ud83c\uddee\ud83c\uddf3\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> Cybersecurity experts from Cyvers said that the CoinDCX hack had a similar exploit pattern as WazirX and is reportedly linked to the North Korean Lazarus Group.<a href=\"https:\/\/twitter.com\/hashtag\/CoinDCXHack?src=hash&amp;ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">#CoinDCXHack<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/WazirX?src=hash&amp;ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">#WazirX<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/LazarusGroup?src=hash&amp;ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">#LazarusGroup<\/a><a href=\"https:\/\/t.co\/h7pchT5sQ8\" rel=\"nofollow\" target=\"_blank\">https:\/\/t.co\/h7pchT5sQ8<\/a><\/p>\n<p>\u2014 Cryptonews.com (@cryptonews) <a href=\"https:\/\/twitter.com\/cryptonews\/status\/1947517087821533667?ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">July 22, 2025<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><strong>Explore<\/strong>:\u00a0<a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/crypto-presales\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\">The 12+ Hottest Crypto Presales to Buy Right Now<\/a><\/p>\n<h2>Heist Resembled WazirX Hack<\/h2>\n<p>Citing similarities between $44 million CoinDCX hack and the $230 million Wazir hack, the Cyvers report said that these attacks, often involving Lazarus Group, exploit exchange infrastructure. Furthermore, they bypass traditional monitoring, and move assets across chains faster than manual detection can react.<\/p>\n<p>\u201cBoth were detected by Cyvers, and our analysis suggests this latest attack bears the hallmarks of North Korea\u2019s Lazarus Group, one of the most aggressive state-sponsored hacker syndicates targeting centralized exchanges,\u201d<a href=\"https:\/\/cyvers.ai\/blog\/5-minutes-44m-coindcx-hack-shows-all-the-signs-of-lazarus-involvement\" rel=\"nofollow\" target=\"_blank\"> the Cyvers report stated.\u00a0<\/a><\/p>\n<p><span style=\"font-weight: 400\">Cyvers\u2019 experts stressed that there is a similar modus operandi and timing between the CoinDCX and WazirX hacks. According to them, it is a warning to the broader crypto industry, particularly India. <\/span><\/p>\n<p><strong>Read More: <a href=\"https:\/\/99bitcoins.com\/news\/altcoins\/coindcx-suffers-44-2m-security-breach-customer-funds-confirmed-safe\/\">CoinDCX $44.2M Crypto Hack: Customer Funds Safe<\/a><\/strong><\/p>\n<h2 class=\"nnbtc-header__title\">CoinDCX Suffers $44.2M Security Breach; Customer Funds Confirmed Safe<\/h2>\n<p><span data-preserver-spaces=\"true\">CoinDCX lost over $44 million in USDC and USDC from an internal operational wallet. <\/span><span data-preserver-spaces=\"true\">Crucially, this wallet was separate from the exchange\u2019s reserves, ensuring that user funds, often verified through proof-of-reserves, were unaffected.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">The breach was first detected by ZachXBT and Cyvers Alerts on X. The report revealed unauthorized transfers from the exchange, raising concerns about the vulnerabilities of centralized exchanges. Analysts noted that the breach targeted an internal wallet <\/span><span data-preserver-spaces=\"true\">used<\/span><span data-preserver-spaces=\"true\">\u00a0for liquidity provision on a partner exchange.<\/span><\/p>\n<p><span data-preserver-spaces=\"true\">As mentioned, this wallet was separate from CoinDCX\u2019s published proof-of-reserves. The attacker initiated the exploit using 1 ETH, sending funds to Tornado Cash, a crypto mixer.<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Our system has detected a hack into <a href=\"https:\/\/twitter.com\/CoinDCX?ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">@CoinDCX<\/a>  centralized exchange 20 hours ago.<br \/>Here&#8217;s what we know:<br \/>\u2013 The hacker stole around $44.2M in USDC\/USDT from one of the exchange&#8217;s operational wallets on Solana.<br \/>\u2013 The hacker funded the hack with 1 ETH from Tornado Cash.<br \/>\u2013 Part of the\u2026 <a href=\"https:\/\/t.co\/5PLliaZ6m4\" rel=\"nofollow\" target=\"_blank\">pic.twitter.com\/5PLliaZ6m4<\/a><\/p>\n<p>\u2014 <img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f6a8.png\" alt=\"\ud83d\udea8\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> Cyvers Alerts <img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f6a8.png\" alt=\"\ud83d\udea8\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> (@CyversAlerts) <a href=\"https:\/\/twitter.com\/CyversAlerts\/status\/1946625586597888163?ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">July 19, 2025<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Subsequently, the hacker executed multiple transactions to obscure the original transfer, converting stolen funds to <a class=\"cpp-widget-coin cpp-widget-99btc\" href=\"https:\/\/cryptonews.com\/coins\/ethereum\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\" data-symbol=\"eth\" data-name=\"Ethereum\" data-price=\"3659.662700000000000\" data-change=\"-2.82\" data-chart-style=\"99btc\" data-cta_text=\"Buy with Best Wallet\">ETH\u00a0\u25bc-2.82%<\/a> and\u00a0<span class=\"cpp-widget-coin cpp-widget-99btc\" data-symbol=\"sol\" data-name=\"Solana\" data-price=\"198.299100000000000\" data-change=\"4.09\" data-chart-style=\"99btc\" data-cta_text=\"Buy with Best Wallet\">SOL\u00a0\u25b24.09%<\/span>\u00a0before bridging them across different blockchains. By dispersing funds across multiple intermediary wallets, the hacker aimed to complicate tracing efforts.<\/p>\n<p><strong><span data-preserver-spaces=\"true\">DISCOVER:\u00a0<\/span><a class=\"general-link\" href=\"https:\/\/99bitcoins.com\/cryptocurrency\/next-crypto-to-explode\/\" target=\"_blank\" rel=\"nofollow noopener sponsored\"><span data-preserver-spaces=\"true\">20+ Next Crypto to Explode in 2025\u00a0<\/span><\/a><\/strong><\/p>\n<p><span style=\"font-weight: 400\">    <\/p>\n<div class=\"nnbtc-key-takeaways\">\n<h2 class=\"nnbtc-key-takeaways__title\">Key Takeaways<\/h2>\n<p><span style=\"font-weight: 400\">    <\/p>\n<ul class=\"nnbtc-key-takeaways__list\">\n        <\/ul>\n<p><\/span><\/p>\n<p><span style=\"font-weight: 400\">    <\/p>\n<li class=\"nnbtc-key-takeaways__list-item\">\n         <\/li>\n<p><\/span><span style=\"font-weight: 400\">North Korea\u2019s Lazarus Group is behind CoinDCX\u2019s security breach that resulted in the theft of approximately $44.2 million in USDC and USDT.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\"><br \/>\n    <\/span><\/p>\n<p><span style=\"font-weight: 400\">    <\/p>\n<li class=\"nnbtc-key-takeaways__list-item\">\n         <\/li>\n<p><\/span><span style=\"font-weight: 400\">Cybersecurity firm Cyvers reported that the theft was executed within just five minutes. It involved seven high-speed transactions.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400\"><br \/>\n    <\/span><\/p>\n<p><span style=\"font-weight: 400\"><br \/>\n    <\/span><\/p>\n<p><span style=\"font-weight: 400\">    <\/span><\/p>\n<\/div>\n<p>    <\/span><\/p>\n<p>\u00a0<\/p>\n<p>The post <a href=\"https:\/\/99bitcoins.com\/news\/altcoins\/is-lazarus-group-behind-indias-44m-coindcx-heist-cyvers-report-says-yes\/\">Is Lazarus Group Behind India\u2019s $44M CoinDCX Heist? Cyvers Report Says Yes<\/a> appeared first on <a href=\"https:\/\/99bitcoins.com\/\">99Bitcoins<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>On 19 July 2025, major Indian cryptocurrency exchange CoinDCX suffered a security breach resulting in the theft of approximately $44.2 million in USDC and USDT. Despite the hack, CEO Sumit Gupta took to X on 22 July 2025 to say that \u201cCoinDCX remains financially strong, fully operational, and firmly committed to building for the long [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-38121","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/38121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=38121"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/38121\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=38121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=38121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=38121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}