CoinDCX Employee Arrested After $44M Hack Rocks Crypto Exchange
CoinDCX employee Rahul Agarwal has just been arrested in connection with the massive $44 million hack. What really happened?
The Indian crypto space was shaken this July when CoinDCX, one of the country’s top cryptocurrency exchanges, suffered a major hack. During the hack, a staggering $44 million vanished from the platform in what now appears to be one of India’s largest crypto thefts.
Interestingly, a company employee’s laptop appears to have been involved.
So far, the hack has led to the arrest of Rahul Agarwal, a software engineer at CoinDCX. Here are some more details.
CoinDCX Hack Linked to Employee Credentials
The hack happened on July 19, when suspicious activity involving USDT was first detected on the exchange. A single token transfer acted as a test. Just hours after this test transfer, hackers siphoned nearly ₹379 crore ($44 million) across six crypto wallets.
Breaking: CoinDCX employee Rahul Agarwal arrested in connection with the $44 Million Crypto theft reported by the company.
Investigations revealed that hackers compromised Agarwal’s login credentials to access the system and siphon off $44 million. pic.twitter.com/s4kWP8BBra
— Crypto India (@CryptooIndia) July 31, 2025
A few days later, investigators traced the incident back to Rahul Agarwal, a staff engineer at CoinDCX. While Agarwal denied any involvement in the hack, he admitted to working part-time for four freelance clients while employed at the company. This detail has quickly raised red flags.
CoinDCX’s parent company, Neblio Technologies, discovered that Agarwal’s work-issued laptop had been compromised. As a result, the hackers had direct access to internal systems.
The “Social Engineering Attack”
According to CoinDCX co-founder and CEO Sumit Gupta, this hack was not a result of technical failure alone. Instead, he called it a “social engineering attack”. For context, this term refers to a situation where hackers trick someone into giving access to confidential information.
In this case, hackers likely convinced Agarwal to open files or click links that installed malware on his work laptop.
This would have given them access to his credentials without his knowledge. CoinDCX declined to confirm the arrest but pointed out that an investigation was ongoing.
Freelance Work Raises More Suspicions
Further investigations uncovered that Agarwal had received ₹15 lakh ($17,000) from unknown sources. He also admitted to receiving files from overseas “clients” through WhatsApp and foreign phone numbers.
Experts suspect one of these files could have been a Trojan, which would have given the attackers full access to CoinDCX’s systems.
Adding to this, on-chain investigator ZachXBT raised concerns about the company’s delayed response. He said that CoinDCX waited 17 hours to go public with the hack, and did so only after his alert about suspicious wallet activity.
“Is a software engineer, yet opens random files sent to him on a company laptop,” ZachXBT remarked in disbelief.
>is a software engineer
>yet opens random files sent to him on a company laptop
why are people so negligent? pic.twitter.com/ZytDs1SczZ
— ZachXBT (@zachxbt) July 31, 2025
Police Begin Unraveling the Hack
After a complaint by Neblio Technologies, the Bengaluru Police Cyber Crime Division detained Agarwal on July 26. While still under investigation, he remains a prime suspect due to the level of access he held.
His LinkedIn profile, which is now widely circulated online, shows that he joined CoinDCX two years ago as a senior software engineer and was promoted to staff engineer earlier this year. Although based in Bengaluru, he worked remotely at times, which made direct monitoring more difficult.
Authorities now believe that the attackers waited for the perfect moment to strike, and used the infected device as a backdoor into CoinDCX’s internal accounts. The hackers initially compromised an account used for liquidity provision with another exchange before making off with the funds.
CoinDCX Offers $11 Million Recovery Bounty
In response to the breach, CoinDCX has launched a “Recovery Bounty Programme” and is offering 25% of any recovered funds. This is equal to nearly $11 million if the full amount is recovered, and is one of the largest bounty programs ever seen in the Indian crypto space.
This shows just how seriously the platform is treating the incident. CoinDCX also confirmed that no customer funds were affected, as the breach targeted internal corporate wallets, not user accounts.
Overall, it is important to remember that the industry is growing fast, but so are the threats.
The post CoinDCX Employee Arrested After $44M Hack Rocks Crypto Exchange appeared first on Live Bitcoin News.
Filed under: Bitcoin - @ July 31, 2025 11:15 pm