CoinDCX employee Rahul Agarwal has just been arrested in connection with the massive $44 million hack. What actually happened?
The Indian crypto space was shaken this July when CoinDCX, one of the country’s top cryptocurrency exchanges, suffered a major hack. Through the hack, a staggering $44 million vanished from the platform in what now appears to be one of India’s largest crypto thefts.
Apparently, a company employee’s laptop appears to have been involved.
So far, the hack has led to the arrest of Rahul Agarwal, a software engineer at CoinDCX. Here are some more details:
CoinDCX Hack Linked to Employee Credentials
The hack occurred on July 19, when suspicious activity involving USDT was first detected on the exchange. A single token transfer acted as a test. Just hours after this test transfer, hackers siphoned nearly ₹379 crore ($44 million) across six crypto wallets.
Breaking: Coindcx employee Rahul Agarwal arrested in connection with the $44 Million Crypto theft reported by the company.
Investigations revealed that hackers compromised Agarwal’s login credentials to access the system and siphon off $44 million.
— Crypto India (@CryptooIndia) July 31, 2025
Several days later, investigators traced the incident back to Rahul Agarwal, a staff engineer at CoinDCX. While Agarwal denied any involvement in the hack, he admitted to working part-time for four freelance clients while employed at the company. This detail has quickly raised red flags.
CoinDCX’s parent company, Neblio Technologies, discovered that Agarwal’s work-issued laptop had been compromised. As a result, the hackers had direct access to internal systems.
The “Social Engineering Attack”
According to CoinDCX co-founder and CEO Sumit Gupta, this hack was not the result of a technical failure alone. Instead, he called it a “social engineering attack”. For context, this term refers to a situation where attackers trick someone into giving them access to confidential information or systems.
In this case, the hackers likely convinced Agarwal to open files or click links that installed malware on his work laptop.
This could have given them access to his credentials without his knowledge. CoinDCX declined to confirm the arrest but pointed out that an investigation was ongoing.
Freelance Work Raises More Suspicions
Further investigation uncovered that Agarwal had received ₹15 lakh ($17,000) from unknown sources. He also admitted to receiving files from overseas “clients” via WhatsApp and foreign phone numbers.
Experts suspect one of these files could have been a Trojan, which gave the attackers full access to CoinDCX’s systems.
Adding to this, on-chain investigator ZachXBT raised concerns about the company’s delayed response. He said that CoinDCX waited 17 hours to go public with the hack, and did so only after his alert about suspicious wallet activity.
“Is a software engineer, yet opens random files sent to him on a company laptop,” ZachXBT remarked in disbelief.
>is a software engineer
>yet opens random files sent to him on a company laptop
why are people so negligent?
— ZachXBT (@zachxbt) July 31, 2025
Police Begin Unraveling the Hack
After a complaint by Neblio Technologies, the Bengaluru Police Cyber Crime Division detained Agarwal on July 26. While still under investigation, he remains a chief suspect due to the level of access he held.
His LinkedIn profile, which is now widely circulated online, shows that he joined CoinDCX two years ago as a senior software engineer and was promoted to staff engineer earlier this year. Although based in Bengaluru, he worked remotely at times, which made direct monitoring more difficult.
Authorities now believe that the attackers waited for the right moment to strike, and used the infected device as a backdoor into CoinDCX’s internal accounts. The hackers initially compromised an account used for liquidity provision with another exchange before making off with the funds.
CoinDCX Offers $11 Million Recovery Bounty
In response to the breach, CoinDCX has launched a “Recovery Bounty Programme” and is offering 25% of any recovered funds. This equals nearly $11 million if the full amount is recovered, and is one of the largest bounty programmes ever seen in the Indian crypto space.
This shows just how seriously the platform is treating the incident. CoinDCX also confirmed that no customer funds were affected, as the breach targeted internal company wallets, not user accounts.
Overall, it is important to remember that the industry is growing fast, but so are the threats.