Indian Police Bust $44 Million CoinDCX Hack Tied to Insider Malware Trap
A CoinDCX staff member was detained after hackers used his laptop to withdraw the company’s funds.
He was lured with a fake part-time job offer, which was used to plant malware on his laptop.
CoinDCX says no user funds were lost and describes the incident as a targeted attack on staff.
Indian police have arrested a CoinDCX employee after a major security breach led to the theft of $44 million in crypto assets. Rahul Agarwal, a software engineer at the exchange, was taken into custody after investigators found that his work laptop had been used in the attack. The hackers reportedly approached him with a part-time job offer and used that as a trick to plant malware on his device.
According to Bengaluru police, the attack happened on the night of July 19. First, a small transaction involving a single USDT token was sent to an unknown wallet. Within hours, $44 million worth of crypto was drained and moved across six different wallets. CoinDCX operator Neblio Technologies flagged the activity and traced it back to Agarwal’s company-issued laptop.
CoinDCX Engineer Denies Involvement in Breach
The company launched an internal investigation, which pointed to unauthorized access through Agarwal’s credentials. During questioning, he denied playing a role in the theft but admitted he had taken on freelance work for private clients while working full-time at CoinDCX. His laptop was meant strictly for official use.
Agarwal had been with the company for over two years. He joined as a senior software engineer in 2023 and was promoted to staff engineer in April 2025. Police say the malware was installed after he accepted what he believed was a freelance job, giving hackers a way into the company’s systems.
CoinDCX CEO Sumit Gupta confirmed the breach but declined further comment due to the ongoing investigation. In a public post, he called it a sophisticated social engineering attack and said such attacks often target employees. He added that the company is fully cooperating with authorities and wants to protect the integrity of the investigation.
Some media reports have surfaced referencing the FIR we filed with the Karnataka Police regarding the security incident that impacted our platform.
As this is an ongoing investigation, we unfortunately cannot engage with the media or public on this issue. We want to ensure the…
— Sumit Gupta (CoinDCX) (@smtgpt) July 31, 2025
No Customer Funds Affected, Says Company
While the stolen funds were tied to CoinDCX’s internal accounts, the company has said that no user assets were affected. The compromised account was used for providing liquidity on another exchange. The breach has raised concerns about security practices in crypto firms, especially around employee device access.
Authorities are still working to identify the individuals behind the theft. CoinDCX has already taken steps to strengthen its internal controls and continues to assist the investigation led by the Bengaluru police.
Filed under: Bitcoin - @ July 31, 2025 12:30 pm