The cyberattack on the Indian crypto exchange CoinDCX, which resulted in a loss of $44.2 million, has been linked to the North Korean Lazarus Group. This was reported by CryptoSlate, citing Deddy Lavid, CEO of Cyvers. Lavid noted that the attackers acted according to a scheme very similar to previous operations conducted by DPRK (North Korean) hackers. One of the distinctive features of their tactics is the use of the cryptomixer Tornado Cash and cross-chain bridges to conceal the flow of funds. On July 19, CoinDCX reported the compromise of an internal account used to provide liquidity on a third-party platform. Lavid speculated that the attackers gained access to the backend via open API keys, improper system settings, or vulnerabilities in account permissions. Once inside, they used legitimate account privileges to transfer assets from Solana to Ethereum, subsequently laundering the funds through Tornado Cash. According to Lavid, the sophistication of the attack and in-depth knowledge of liquidity mechanisms on centralized exchanges indicate that highly experienced and well-organized cybercriminals were involved. CoinDCX co-founder Sumit Gupta confirmed that users’ assets were not affected by the hack, and the company has already covered all losses from its own funds. The exchange has announced a bounty program, offering a reward of 25% for any recovered amounts. The team seeks assistance not only in tracing the assets, but also in identifying those responsible for the attack. ”More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again, not with us, not with anyone in the industry,” Gupta emphasized.
