Recently, the largest Indian cryptocurrency exchange CoinDCX made headlines: an engineer from Bangalore stole approximately $44 million from the platform. And this is not just a hack — it is an insider job with elements of social engineering and technical vulnerabilities.

---

🔍 What happened?

🔹 A CoinDCX developer, who previously worked as a freelance engineer, gained access to internal APIs and systems used to manage funds on the exchange.

🔹 He created several fake accounts through which he transferred cryptocurrency in small batches to avoid suspicion.

🔹 By using automated scripts, he was able to bypass the monitoring and security systems.

🔹 The withdrawn funds were partially transferred through DeFi platforms, then sent to mixers and external wallets.

---

⚙️ How did they pull this off?

Here is roughly what the perpetrator's actions looked like:

1. 🧑‍💻 Insider access — an engineer with technical access to part of the system used old session tokens and residual rights.

2. 🪤 Bypassing logs and tracking — fake accounts were created that looked like ordinary clients but were linked to scripts.

3. 🔁 Splitting the withdrawal — a large amount was broken down into hundreds of small transactions to avoid triggering security alerts.

4. 🌪 Covering tracks — withdrawing through mixers, DeFi routes, and external exchanges with low KYC.
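
Splitting as in step 3 defeats per-transaction limits but not aggregation. The detection rule below is an added example, not CoinDCX's code or part of the original post: it sums sub-limit withdrawals per initiating credential over a sliding window. The log fields, thresholds and all names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2025, 1, 1, 2, 0)  # constructed start time
# Constructed log: (timestamp, account, initiating credential, amount in USD).
SAMPLE_LOG = (
    # 12 small withdrawals across 4 accounts, all driven by one stale credential
    [(T0 + timedelta(minutes=5 * i), f"acct-{i % 4}", "cred-stale", 900)
     for i in range(12)]
    # ordinary customers, each acting under their own session
    + [(T0 + timedelta(minutes=10), "cust-a", "sess-cust-a", 5_000),
       (T0 + timedelta(minutes=40), "cust-b", "sess-cust-b", 4_000)]
    # a shared but slow credential: 3 transfers two hours apart
    + [(T0 + timedelta(hours=2 * i), f"ops-{i}", "cred-payroll", 3_000)
       for i in range(3)]
)

def detect_structuring(events, window=timedelta(hours=1), per_tx_limit=10_000,
                       aggregate_limit=10_000, min_accounts=2):
    """Flag credentials whose sub-limit withdrawals, spread over several
    accounts, add up past aggregate_limit inside one sliding window."""
    recent = defaultdict(deque)  # credential -> (ts, account, amount) in window
    alerts = {}
    for ts, account, cred, amount in sorted(events):
        if amount >= per_tx_limit:
            continue  # single large transfers belong to the per-transaction rule
        q = recent[cred]
        q.append((ts, account, amount))
        while ts - q[0][0] > window:  # evict events older than the window
            q.popleft()
        total = sum(a for _, _, a in q)
        accounts = sorted({acc for _, acc, _ in q})
        if (cred not in alerts and total > aggregate_limit
                and len(accounts) >= min_accounts):
            alerts[cred] = {"first_seen": q[0][0], "flagged_at": ts,
                            "total": total, "tx_count": len(q),
                            "accounts": accounts}
    return alerts

if __name__ == "__main__":
    for cred, hit in detect_structuring(SAMPLE_LOG).items():
        print(cred, hit)
```

Keying the window on the initiating credential rather than the account is what links the fake accounts together; an account-only rule would see four unrelated small-volume clients.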

---

⚠️ What does CoinDCX say?

The exchange stated that:

🔹 User funds were not harmed — reserves and liquid assets unrelated to clients were stolen.

🔹 The team has already regained control and strengthened security measures.

🔹 The police arrested a suspect who lived in Bangalore and previously 'freelanced' for crypto projects.

---

🧠 Conclusion: one cannot relax even within the team

Even the largest exchanges with multi-million turnovers are exposed to the risk of internal sabotage. Insider attacks are among the most dangerous, as they are difficult to detect in real time.

What can an ordinary user take away?

🔐 Store large assets in personal wallets, not on the exchange.

👁‍🗨 Monitor account activity and enable multi-factor authentication (2FA).

📚 Trust, but verify: even well-known exchanges offer no 100% protection against the human factor.