CoinDCX Engineer Arrested in $44M Crypto Theft After Credential Breach

Generated by AI Agent Coin World
Thursday, Jul 31, 2025 6:57 am ET

Aime Summary

- A CoinDCX engineer was arrested in India for a $44M crypto theft after hackers exploited his compromised credentials via social engineering.

- The breach targeted liquidity accounts, not user funds, with stolen assets transferred to six wallets within hours of initial access.

- Experts linked the attack to the 2024 WazirX heist and North Korea's Lazarus Group, highlighting vulnerabilities in employee endpoint security.

- Police investigate a suspicious $17K deposit into the engineer's account, while CoinDCX denies acquisition rumors and emphasizes market commitment.

A CoinDCX software engineer, Rahul Agarwal, has been arrested in India in connection with a $44 million cryptocurrency theft from the exchange in mid-July. The breach occurred when hackers allegedly compromised Agarwal’s work laptop and login credentials, enabling them to gain unauthorized access to the company’s internal systems. Bengaluru City police detained Agarwal following an internal investigation by the exchange’s parent company, Neblio Technologies, which confirmed that the breach originated through his compromised account [1]. During questioning, Agarwal denied involvement in the theft but admitted to engaging in freelance work while employed at CoinDCX [2].

The security breach began on the night of July 19, when hackers first transferred 1 USDT to a wallet. By early the next morning, the full $44 million was siphoned and transferred to six different wallets [3]. Police reportedly stated that hackers used a social engineering attack to trick Agarwal into installing malware on his work laptop [4]. Agarwal’s work history shows he had been employed at CoinDCX for over two years, with a promotion to staff engineer in April 2025 [2].

CoinDCX CEO Sumit Gupta has characterized the incident as a “sophisticated social engineering attack” and emphasized that user funds were not impacted. The stolen amount came from the exchange’s liquidity accounts, not from customer wallets [1]. He also urged the public and media to refrain from spreading unverified information, as it may hinder the ongoing investigation. An FIR has been filed under multiple sections of the Indian Information Technology Act, and police are also investigating a $17,131 deposit into Agarwal’s bank account from an unknown source [2].

Cybersecurity experts have drawn parallels between the attack and the 2024 WazirX heist, where $234 million was stolen using similar methods. Some analysts have also linked the CoinDCX breach to the North Korea-affiliated Lazarus Group, a hacking collective known for targeting cryptocurrency exchanges [2]. The incident has raised concerns about the vulnerability of exchanges to insider threats and the importance of securing employee endpoints. CoinDCX has denied recent rumors of being in talks for acquisition by Coinbase, reiterating its commitment to the Indian market [1].

Sources:

[1] Bengaluru Employee Arrested After $44M Crypto Theft – https://www.deccanherald.com/india/karnataka/bengaluru/employee-arrested-in-bengaluru-after-crypto-exchange-loses-44-million-in-major-hack-3656861

[2] CoinDCX Staff Held for $44M Heist, Hackers Exploit Login ... – https://cryptonews.com/news/coindcx-staff-held-for-44m-heist-hackers-exploited-login-credentials/

[3] CoinDCX Engineer Arrested for $44 Million Hack Using ... – https://coinfomania.com/coindcx-engineer-arrested-44m-hack/

[4] CoinDCX Employee Arrested in $44M Crypto Theft – https://coinpedia.org/crypto-live-news/coindcx-employee-arrested-in-44m-crypto-theft/
