E L E N
--
On July 26, Bengaluru police arrested Rahul Agarwal, a 30-year‑old software engineer at CoinDCX, in connection with a $44 million (₹379 crore) crypto theft from the exchange’s internal wallet. He had worked at CoinDCX for over two years.
The heist began on July 19 with a test transfer of 1 USDT at 2:37 a.m. Using login credentials hijacked from Agarwal’s company-issued laptop, hackers transferred around $44M into six separate wallets by mid-morning.
Investigators say Agarwal had been freelancing for unknown clients via WhatsApp—including instructions via a German number—and admitted receiving a ₹15 lakh (~$17K) deposit. Authorities allege malware was used to compromise his machine.
CoinDCX parent Neblio Technologies has confirmed no customer assets were lost, as the compromised wallet was separate from user holdings. The exchange also launched an up to $11M bounty for leads to recover the stolen funds.
---
🔐 What’s at Stake
Security experts warn this incident reflects a growing trend: targeting well-privileged employees through social engineering to access sensitive infrastructure.
One Reddit user summarized:
> “In that case… he’s the victim, not the villain. Credential theft is real — and so are the gaps in access controls. Let’s fix the system, not just blame the user.”
A senior official at Neblio described the breach as a “sophisticated social engineering attack”, and stressed that CoinDCX is cooperating fully with the investigation.
With the sizeable scale of theft and internal exposure, this case is already sparking renewed scrutiny on crypto exchange cybersecurity standards, especially in emerging markets. Regulators in India and beyond may take note.
Let me know if you’d like a breakdown of how the stolen funds might be tracked on-chain, or how this compares to other recent crypto platform breaches.
The heist began on July 19 with a test transfer of 1 USDT at 2:37 a.m. Using login credentials hijacked from Agarwal’s company-issued laptop, hackers transferred around $44M into six separate wallets by mid-morning.
Investigators say Agarwal had been freelancing for unknown clients via WhatsApp—including instructions via a German number—and admitted receiving a ₹15 lakh (~$17K) deposit. Authorities allege malware was used to compromise his machine.
CoinDCX parent Neblio Technologies has confirmed no customer assets were lost, as the compromised wallet was separate from user holdings. The exchange also launched an up to $11M bounty for leads to recover the stolen funds.
---
🔐 What’s at Stake
Security experts warn this incident reflects a growing trend: targeting well-privileged employees through social engineering to access sensitive infrastructure.
One Reddit user summarized:
> “In that case… he’s the victim, not the villain. Credential theft is real — and so are the gaps in access controls. Let’s fix the system, not just blame the user.”
A senior official at Neblio described the breach as a “sophisticated social engineering attack”, and stressed that CoinDCX is cooperating fully with the investigation.
With the sizeable scale of theft and internal exposure, this case is already sparking renewed scrutiny on crypto exchange cybersecurity standards, especially in emerging markets. Regulators in India and beyond may take note.
Let me know if you’d like a breakdown of how the stolen funds might be tracked on-chain, or how this compares to other recent crypto platform breaches.
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.