Table of contents
- A troubling month for crypto security
- CoinDCX: the month’s biggest hit
- GMX, Grande, and WOO X also targeted
- Social engineering and off-chain infrastructure under attack
- The North Korea connection
A troubling month for crypto security
July marked another spike in cryptocurrency thefts, with at least $142 million stolen in 17 separate cyber incidents, according to blockchain security firm PeckShield.
The most severe case was the breach of CoinDCX, an Indian exchange that lost an estimated $44 million in what its CEO called a “sophisticated server attack.”
CoinDCX: the month’s biggest hit
On July 18, CoinDCX CEO Sumit Gupta confirmed that the exchange had suffered a “sophisticated server breach”. Shortly after, an employee was arrested in connection with the hack.
Investigations are ongoing. CoinDCX is one of India’s largest crypto exchanges, and this incident marked the biggest single loss of the month.
GMX, Grande, and WOO X also targeted
The second-largest attack targeted decentralized exchange GMX, which lost $40 million on July 11. Interestingly, the attacker later returned the stolen funds.
Just two days before the CoinDCX breach, the Grande exchange was hit, losing at least $27 million due to a hot wallet compromise. On July 24, WOO ECONOMIC (WOO X) fell victim to a phishing campaign that allowed attackers to access a team member’s device and move laterally within the exchange, stealing at least $14 million before withdrawals were frozen.
Social engineering and off-chain infrastructure under attack
According to Rob Behnke, president of security firm Halborn, modern crypto attacks increasingly target off-chain infrastructure—such as backend systems and development environments—rather than exploiting smart contract bugs.
“Smart contract audits have limited impact,” said Behnke. “It’s the backend that’s causing the most damage now.”
The North Korea connection
In a separate but alarming revelation, a woman from Arizona was sentenced to over eight years in federal prison for helping North Korean agents impersonate American remote workers and secure jobs in US-based crypto and tech companies.
The operation generated more than $17 million for the Democratic People’s Republic of Korea (DPRK) by using stolen identities and forged documents. At least 68 American identities were compromised in the scheme.
