The recent $44 million exploit targeting India-based crypto exchange CoinDCX has been linked to North Korea’s Lazarus Group, as reported by blockchain security firm Cyvers.
According to Cyvers CEO Deddy Lavid, the attackers followed a familiar pattern seen in previous Lazarus operations. They used cross-chain bridges and Tornado Cash to conceal the movement of the stolen funds, a laundering tactic commonly associated with the group.
The attribution to North Korea’s Lazarus Group was further supported by the choice of a centralized exchange as the target and by the attackers’ precise understanding of liquidity provisioning. Lavid said the attack displayed the characteristics of an experienced and highly coordinated threat actor.
On July 19, CoinDCX disclosed that unauthorized access was gained to internal accounts used for liquidity provisions with another platform. The hackers likely obtained backend access through exposed API keys, system misconfigurations, or overly permissive credentials. Once inside, they transferred assets from Solana to Ethereum before laundering the funds through Tornado Cash.
The sophistication of the attack aligns with the modus operandi of the North Korea-linked group, known for its persistent attacks on the crypto industry. This group had previously stolen over $1.6 billion in the first half of the year and was behind the Bybit hack.
In response to the exploit, CoinDCX initiated a bounty program on July 21, offering up to 25% of any recovered funds as a reward. The potential reward could reach $11 million depending on the success of recovery efforts.
CoinDCX CEO Sumit Gupta emphasized the importance of identifying and apprehending the attackers to prevent such incidents from recurring. He announced that the company would cover the loss from its corporate treasury and assured users that their funds remained unaffected.
The bounty program aims to incentivize white-hat hackers, researchers, and blockchain firms to assist in tracking and retrieving the stolen assets. Gupta reiterated the company’s commitment to enhancing security measures and ensuring the safety of user funds.
Overall, the collaboration between Cyvers, CoinDCX, and the crypto community highlights the collective effort to combat cyber threats and safeguard the integrity of the blockchain ecosystem.