A recent cyberattack on the Indian cryptocurrency exchange CoinDCX resulted in a loss of $44.2 million and was linked to the North Korean hacking group Lazarus.
Details of the Cyberattack
The attack occurred on July 19, when CoinDCX reported the compromise of an internal account used to provide liquidity on a third-party platform, resulting in the loss of $44.2 million.
Methods Used by Hackers
According to Cyvers CEO Deddy Lavid, the attackers employed tactics characteristic of North Korean hackers, such as using the crypto mixer Tornado Cash and cross-chain bridges to conceal the flow of funds. Lavid speculated that access may have been gained through exposed API keys or vulnerabilities in system settings.
CoinDCX's Response
CoinDCX co-founder Sumit Gupta confirmed that user assets were not affected and that the company has covered all losses from its own funds. The exchange also announced a bounty program offering a 25% reward for any recovered amounts and asked for help in tracing the assets and identifying those responsible for the attack. Gupta emphasized, 'More than recovering the stolen funds, what is important for us is to identify and catch the attackers, because such things shouldn’t happen again.'
The cyberattack on CoinDCX highlights the vulnerability of cryptocurrency exchanges to organized attacks. Meanwhile, the exchange is actively working on recovering lost funds and investigating the incident.