CoinDCX Employee Arrested After $44M Crypto Theft via Social Engineering Attack

Coin World (AI-generated)
Thursday, Jul 31, 2025 7:39 am ET

Summary

- Rahul Agarwal, a CoinDCX engineer, was arrested in July 2025 after a $44M theft was traced to his work laptop, which had been compromised through social engineering.

- Hackers exploited fake job offers and a suspicious WhatsApp call to install malware, enabling large-scale crypto withdrawals from CoinDCX’s liquidity wallet.

- The breach, linked to North Korea’s Lazarus Group, exposed critical security flaws in employee oversight and endpoint protection, prompting enhanced cybersecurity measures.

- CoinDCX confirmed losses were absorbed by corporate funds, not customer assets, while investigations focus on Agarwal’s unexplained transactions and potential fund recovery.

Rahul Agarwal, a software engineer at Indian cryptocurrency exchange CoinDCX, was arrested in Bengaluru in July 2025 after a $44 million theft was traced to his work-issued laptop [1]. The breach, one of the largest in India's exchange sector, began with attackers obtaining Agarwal's login credentials through a sophisticated social engineering campaign: a fake job offer and a suspicious WhatsApp call from a German number led to malware being installed on his device [2]. Within a short window, the attackers siphoned $44 million from CoinDCX's operational liquidity wallet, a significant breach of the platform's custodial operations.

The theft was first detected on July 19. At 2:37 am the attackers sent a 1 USDT test transfer to an unknown wallet; by 9:40 am they had executed large-scale withdrawals into six separate wallets [2]. Internal investigations revealed that Agarwal had also moonlighted using his work device and had received an unexplained $17,131 deposit into his personal bank account, now under police scrutiny. During interrogation, he claimed to have been unaware of the theft until contacted by his employer [2]. The incident has been linked to the Lazarus Group, a North Korean-linked hacking collective previously associated with the 2024 WazirX heist, in which $234 million was stolen using similar methods [2].
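The timeline above, a 1 USDT transfer to a never-seen address several hours before the large withdrawals, is itself a detectable signal: a liquidity wallet sending dust to an unknown counterparty at 2:37 am should page someone before the drain starts. The following Python is an added example, not CoinDCX's code or tooling, that runs a simple "probe then drain" rule over constructed transfer log lines modelled on that timeline. The wallet names, amounts, thresholds, log format and the historical counterparty allowlist are all assumptions made for illustration.

```python
"""Flag the 'probe transfer, then drain' pattern in hot-wallet outflows.

Added example, not the exchange's monitoring code. Assumed log format
(constructed): one transfer per line, "<iso-timestamp> <src> <dst> <amount_usd>".
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    src: str
    dst: str
    amount_usd: float


@dataclass(frozen=True)
class Alert:
    kind: str          # "probe", "drain-critical" or "drain-high"
    ts: datetime
    src: str
    dst: str
    amount_usd: float


PROBE_MAX_USD = 10.0                 # a 1 USDT test transfer sits far below this
DRAIN_MIN_USD = 100_000.0            # single outflow big enough to alert on alone
PROBE_WINDOW = timedelta(hours=12)   # how long a probe escalates later drains


def parse_line(line: str) -> Transfer:
    """Parse one whitespace-separated log line into a Transfer."""
    ts, src, dst, amount = line.split()
    return Transfer(datetime.fromisoformat(ts), src, dst, float(amount))


def detect_probe_then_drain(transfers, known_counterparties):
    """Return alerts for transfers to addresses outside the allowlist.

    known_counterparties maps a source wallet to the set of destinations it is
    allowed to pay. Addresses become trusted only through that allowlist, never
    by having been paid once, so a drain to the same address a probe went to is
    still evaluated rather than silently accepted.
    """
    probes = {}   # src -> timestamps of dust transfers to unknown addresses
    alerts = []
    for t in sorted(transfers, key=lambda x: x.ts):
        if t.dst in known_counterparties.get(t.src, set()):
            continue  # established counterparty: nothing to flag
        if t.amount_usd <= PROBE_MAX_USD:
            # Dust to an unknown address is the attacker checking the path works.
            probes.setdefault(t.src, []).append(t.ts)
            alerts.append(Alert("probe", t.ts, t.src, t.dst, t.amount_usd))
        elif t.amount_usd >= DRAIN_MIN_USD:
            # A large outflow to an unknown address is always worth a look; one that
            # follows a recent probe from the same wallet is the drain itself.
            recent_probe = any(t.ts - p <= PROBE_WINDOW for p in probes.get(t.src, []))
            kind = "drain-critical" if recent_probe else "drain-high"
            alerts.append(Alert(kind, t.ts, t.src, t.dst, t.amount_usd))
    return alerts


# Constructed sample log mirroring the article's timeline: a 1 USDT probe at
# 02:37, six large withdrawals from 09:40, plus benign traffic to known partners
# and one late large transfer outside the probe window.
SAMPLE_LOG = """\
2025-07-18T14:05:00 hot-liq 0xPartnerA 250000
2025-07-19T02:37:00 hot-liq 0xUnknown1 1
2025-07-19T09:40:00 hot-liq 0xDrain1 7300000
2025-07-19T09:41:00 hot-liq 0xDrain2 7300000
2025-07-19T09:42:00 hot-liq 0xDrain3 7300000
2025-07-19T09:43:00 hot-liq 0xDrain4 7300000
2025-07-19T09:44:00 hot-liq 0xDrain5 7300000
2025-07-19T09:45:00 hot-liq 0xDrain6 7300000
2025-07-19T10:15:00 hot-liq 0xPartnerB 120000
2025-07-19T20:00:00 hot-liq 0xLate 150000
"""
KNOWN = {"hot-liq": {"0xPartnerA", "0xPartnerB"}}


def run_sample():
    """Run the rule over SAMPLE_LOG with the assumed allowlist."""
    return detect_probe_then_drain([parse_line(l) for l in SAMPLE_LOG.splitlines()], KNOWN)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.kind:15} {a.ts.isoformat()} {a.src} -> {a.dst} {a.amount_usd:,.0f}")
```

Two design choices matter more than the thresholds. First, the probe alone should alert: in this timeline it buys roughly seven hours before the drain, which is exactly the window an exchange needs to freeze a hot wallet. Second, the allowlist is the only way a destination becomes trusted; learning counterparties from observed transfers would let the attacker's own probe whitelist the drain address.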

CoinDCX CEO Sumit Gupta confirmed the breach and clarified that customer funds were not affected, as the loss was absorbed through the company’s corporate treasury [2]. He also dismissed rumors of a potential acquisition by US-based exchange Coinbase, reaffirming that the company is not for sale. The incident has raised critical questions about insider threats, operational security lapses, and the vulnerability of employee endpoints. Cybersecurity experts have emphasized the increasing sophistication of social engineering attacks and the urgent need for stronger internal controls and monitoring protocols [2].

CoinDCX has since taken steps to reinforce its cybersecurity measures and restore confidence among users. The company is collaborating with law enforcement for potential fund recovery and conducting internal reviews to address vulnerabilities. The arrest represents a key development in the investigation, which is being pursued under multiple sections of India’s Information Technology Act [2]. As the crypto sector grapples with rising security challenges, this case underscores the importance of robust access controls, employee oversight, and proactive threat detection in safeguarding digital assets.

Sources:

[1] CoinDCX Staffer Arrested Over $44M Crypto Theft: Report – Cointelegraph (https://cointelegraph.com/news/coindcx-hack-employee-arrested-44m-crypto-theft)

[2] CoinDCX Hit by $44M Cyber Heist After Employee ... – AInvest (https://www.ainvest.com/news/coindcx-hit-44m-cyber-heist-employee-compromise-2507/)
