AInvest Newsletter
Daily stocks & crypto headlines, free to your inbox
A CoinDCX software engineer, Rahul Agarwal, has been arrested for allegedly facilitating a $44 million cryptocurrency theft from India’s leading exchange [1]. The breach, which took place in early July 2025, involved the insertion of malware into the company’s system by Agarwal, enabling hackers to siphon digital assets without immediate detection [2]. The stolen crypto—valued at approximately ₹370 crore—was transferred to multiple wallets using cryptocurrency mixers to obscure the trail [3].
The incident was uncovered during a routine technical audit when CoinDCX’s team noticed unusual API activity and hidden code within the company’s wallet infrastructure [2]. Forensic analysis traced the malicious activity back to Agarwal, and subsequent investigations revealed communication and financial transactions between him and the hackers [1]. Authorities believe this was a coordinated attack rather than a random breach and suspect Agarwal had accomplices [3].
CoinDCX has confirmed that the stolen funds were drawn from the company’s corporate reserves and not from user accounts [2]. The company has pledged to enhance internal security and cooperate fully with law enforcement. “We are treating this matter with the highest seriousness,” a company spokesperson stated. “We’re working closely with cybercrime officials to recover the funds and ensure something like this never happens again” [2].
The breach has raised alarm within the crypto community, particularly over insider threats. Anil Kumar, a blockchain security expert, noted that the incident underscores the need for exchanges to prioritize both external and internal security measures. “Crypto firms need to focus not only on outside hackers but also on who has access inside their own teams” [3]. Experts have called for stricter access controls, regular audits, and improved internal reporting systems to prevent similar incidents.
The police have registered a case under multiple sections of the Indian Information Technology Act and are working with international cybercrime units and blockchain tracking firms to trace the stolen funds [1]. Agarwal, who had been working freelance on a company-issued laptop, reportedly received a suspicious WhatsApp call from a number in Germany, which led to the compromise of his system [2]. He admitted to working additional jobs during the incident but denied knowing about the theft until contacted by his employer [1].
The breach bears similarities to the 2024 WazirX hack, in which $234 million was stolen using similar methods, and it has highlighted the vulnerability of internal systems and the risks posed by compromised employee endpoints [2]. Cybersecurity analysts have linked the attack to the Lazarus Group, a North Korean-affiliated hacking collective [1].
CoinDCX CEO Sumit Gupta has denied rumors of a potential acquisition by US-based Coinbase and emphasized that the company is not up for sale [2]. The firm is now focused on rebuilding user confidence and reinforcing its security protocols [2].
This case serves as a cautionary tale for the broader crypto industry. As threats become more sophisticated, exchanges must remain vigilant and proactive in securing both their infrastructure and user assets [1].
Sources:
[1] Bengaluru Employee Arrested After $44M Crypto Theft – https://www.deccanherald.com/india/karnataka/bengaluru/employee-arrested-in-bengaluru-after-crypto-exchange-loses-44-million-in-major-hack-3656861
[2] CoinDCX Staff Held for $44M Heist, Hackers Exploit Login ... – https://cryptonews.com/news/coindcx-staff-held-for-44m-heist-hackers-exploited-login-credentials/
[3] CoinDCX Engineer Arrested for $44 Million Hack Using ... – https://coinfomania.com/coindcx-engineer-arrested-44m-hack/