CoinDCX Breach Attributed to Lazarus Group
A major breach of CoinDCX, an Indian cryptocurrency exchange, has been attributed to the North Korean hacking group known as Lazarus Group. According to CryptoSlate, citing details shared by Cyvers CEO Deddy Lavid, the attack caused losses of approximately $44.2 million. Lavid noted that the attackers' methodology closely mirrors earlier attacks attributed to DPRK-affiliated hackers.
Details of the Attack
CoinDCX confirmed the security incident on July 19, stating that an internal account used to provide liquidity on an external platform had been compromised. Lavid speculated that the attackers may have exploited exposed API keys, misconfigured systems, or flaws in account permissions to gain access to CoinDCX's backend; these vectors are his inferences from the observed activity, not findings disclosed by the exchange. Once inside, the attackers used the compromised account's authenticated privileges to transfer digital assets, notably moving funds from Solana to Ethereum. They then obscured the trail by laundering the proceeds through Tornado Cash, an Ethereum-based mixing service.
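The three weaknesses Lavid lists (exposed API keys, misconfigured settings, over-broad permissions) are the kind of thing an exchange can audit mechanically. The following is an added illustration, not CoinDCX's code and not a description of its systems: a least-privilege check over constructed API-key records for an operational account such as a liquidity-provision bot. The record fields, the purpose-to-permission mapping, the 90-day rotation threshold and the sample keys are all assumptions made for the example.

```python
"""Least-privilege audit for exchange API keys.

Added example, not CoinDCX code. Models a key record with the fields an
exchange typically exposes (permission scopes, IP allowlist, withdrawal
address lock, creation time) and flags the configurations that would let a
compromised operational account move funds off-platform. All fields,
thresholds and sample keys below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class ApiKey:
    key_id: str
    owner: str
    purpose: str                         # e.g. "liquidity-provision"
    permissions: set[str]                # e.g. {"read", "trade", "withdraw"}
    created_at: datetime
    ip_allowlist: list[str] = field(default_factory=list)
    withdrawal_addresses_locked: bool = False  # withdrawals only to pre-approved addresses


# Assumed rotation policy: keys older than this should have been rotated.
MAX_KEY_AGE = timedelta(days=90)

# Assumed minimum permission set per purpose. A liquidity-provision bot needs
# to read balances and place/cancel orders on the venue; it does not need to
# withdraw, so "withdraw" on such a key is excess privilege.
REQUIRED_BY_PURPOSE = {
    "liquidity-provision": {"read", "trade"},
    "reporting": {"read"},
}


def can_move_funds_off_platform(key: ApiKey) -> bool:
    """True if this key alone suffices to send funds to an arbitrary address."""
    return "withdraw" in key.permissions and not key.withdrawal_addresses_locked


def audit_key(key: ApiKey, now: datetime) -> list[str]:
    """Return a list of findings for one key; empty list means it passes."""
    findings = []
    needed = REQUIRED_BY_PURPOSE.get(key.purpose, set())
    excess = key.permissions - needed
    if excess:
        findings.append(f"excess permissions {sorted(excess)} for purpose '{key.purpose}'")
    if can_move_funds_off_platform(key):
        findings.append("withdrawal enabled without a locked address allowlist")
    if not key.ip_allowlist:
        findings.append("no IP allowlist: key usable from any network if leaked")
    if now - key.created_at > MAX_KEY_AGE:
        findings.append(f"key older than {MAX_KEY_AGE.days} days, rotate")
    return findings


def audit_all(keys: list[ApiKey], now: datetime) -> dict[str, list[str]]:
    """Audit every key and map key_id -> findings."""
    return {k.key_id: audit_key(k, now) for k in keys}


# Constructed clock and sample keys for the example.
NOW = datetime(2025, 7, 19, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    # Over-privileged, unrestricted, stale: the worst case for a bot account.
    ApiKey("lp-bot-01", "liquidity-ops", "liquidity-provision",
           {"read", "trade", "withdraw"},
           datetime(2024, 12, 1, tzinfo=timezone.utc)),
    # Scoped to what the bot needs, pinned to one egress IP, recently rotated.
    ApiKey("lp-bot-02", "liquidity-ops", "liquidity-provision",
           {"read", "trade"},
           datetime(2025, 6, 1, tzinfo=timezone.utc),
           ip_allowlist=["203.0.113.10"]),
]


if __name__ == "__main__":
    for key_id, findings in audit_all(SAMPLE_KEYS, NOW).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{key_id}: {status}")
        for f in findings:
            print(f"  - {f}")
```

The audit separates two questions a post-incident review asks: whether a key could move funds off the platform at all (`can_move_funds_off_platform`), and whether its scope, network binding and age match the job it was issued for. A key like `lp-bot-02` still lets an attacker who steals it trade against the exchange's own inventory, so the check reduces blast radius rather than eliminating it.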
Response and Assurance
The sophistication and execution of the attack suggest a highly skilled group with detailed knowledge of how centralized exchanges operate. Despite the size of the theft, CoinDCX co-founder Sumit Gupta stated that customer assets were unaffected and that the company would absorb the loss from its own resources.
Future Prevention Measures
In response to the incident, CoinDCX has launched a bounty program, offering a 25% reward on any funds recovered, as well as a reward for information leading to the identification of the attackers.
“Beyond merely recovering the stolen assets, our priority is to pinpoint and apprehend those responsible for this breach, as we aim to prevent similar incidents in the future, not only for ourselves but across the entire industry,” Gupta remarked.