On July 26, Bengaluru police arrested Rahul Agarwal, a 30-year-old software engineer from CoinDCX, in connection with a $44 million (₹379 crore) cryptocurrency theft from the exchange's internal wallet. He had worked at CoinDCX for more than two years.
The theft began on July 19 with a test transfer of 1 USDT at 2:37 AM. Using login credentials stolen from Agarwal's company-issued laptop, the hackers transferred around $44M to six separate wallets by mid-morning.
Investigators say Agarwal had done freelance work for unknown clients over WhatsApp, including taking instructions from a German number, and admitted to receiving a deposit of ₹15 lakh (~$17K). Authorities allege that malware was used to compromise his machine.
CoinDCX's parent company, Neblio Technologies, confirmed that no customer assets were lost, as the compromised wallet was separate from user holdings. The exchange also launched a reward of up to $11M for information that helps recover the stolen funds.

🔐 What's at Stake

Security experts warn that this incident reflects a growing trend: targeting privileged employees through social engineering to access sensitive infrastructure.
A Reddit user summarized:
> “In this case… he is the victim, not the villain. Credential theft is real—and so are the gaps in access controls. Let’s fix the system, not just blame the user.”
A senior official from Neblio described the breach as a "sophisticated social engineering attack," and emphasized that CoinDCX is fully cooperating with the investigation. Given the considerable scale of the theft and internal exposure, this case is already prompting new scrutiny over the cybersecurity standards of cryptocurrency exchanges, especially in emerging markets. Regulators in India and beyond may take notice.