One of India’s biggest crypto heists took a dramatic twist when Bengaluru police arrested a CoinDCX software engineer. The detainment comes after $44 million of funds vanished from the platform, and it may all boil down to a classic case of social engineering.
The suspect, Rahul Agarwal, was a full-time employee at CoinDCX with access to internal systems. On July 19, around 2:37 am, someone used his credentials to transfer just one USDT, which was a test run. Meanwhile, by 9:40 am, the hackers had siphoned off a jaw-dropping ₹379 crore ($44 million) across six wallets.
Freelance gig or inside job?
CoinDCX’s internal probe revealed that Rahul’s company laptop had been compromised. The suspect claimed that he was unaware of the breach and insisted he was a victim himself. However, he admitted to taking freelance gigs from unknown third parties via WhatsApp calls and foreign numbers, which eventually raised serious red flags.
Police reportedly found ₹15 lakh ($17,000) deposited into Rahul’s account from unknown sources. One of the files he received from these “clients” may have been a Trojan that gave hackers access to CoinDCX systems. He was detained on July 26, and investigations are in full swing now.
The massive hack came to light when the on-chain sleuth ZachXBT flagged a breach at CoinDCX.
Later, the platform’s CEO, Sumit Gupta, confirmed the incident. ZachXBT, in a post, highlighted that a CoinDCX team member was telling people to engage with Sumit’s post to appreciate the platform’s transparency. Meanwhile, the CoinDCX team waited for 17 hours to disclose the breach, and that came after the sleuth alerted the public about the incident.
Source: ZachXBT’s X
Reacting to the arrest, ZachXBT stated “why are people so negligent?”
He also wrote, “is a software engineer, yet opens random files sent to him on a company laptop.”
CoinDCX blames sophisticated attackers
CoinDCX CEO, in a fresh post, mentioned that some media reports have surfaced referencing the FIR the platform filed with the Karnataka Police regarding the security incident that impacted the platform. However, as the investigation is ongoing, they cannot engage with the media or public on the issue.
He added that the breach appears to be the result of a “sophisticated social engineering attack”, with the attackers targeting employees to compromise internal systems. They claim that the company is fully cooperating with law enforcement.
Some media reports have surfaced referencing the FIR we filed with the Karnataka Police regarding the security incident that impacted our platform.
As this is an ongoing investigation, we unfortunately cannot engage with the media or public on this issue. We want to ensure the…
— Sumit Gupta (CoinDCX) (@smtgpt) July 31, 2025
The platform has launched a “Recovery Bounty Programme” offering 25% of any retrieved funds to anyone who can help. That’s a cool $11 million in bounty, one of the largest ever seen in India’s crypto space.
On the market side, the global crypto market cap surged marginally over the last day to stand at $3.89 trillion. Bitcoin price is up by 30% in the last 30 days, hovering above the $118k zone. Ethereum added 57% of gains in the same period. ETH is trading at an average price of $3,857.
Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.
