CoinDCX Hit by $44M Cyber Heist After Employee Compromise

Generated by AI Agent, Coin World
Thursday, Jul 31, 2025 6:08 am ET · 2 min read
Aime Summary

- Indian crypto exchange CoinDCX suffered a $44M cyber heist via social engineering and malware, exploiting an employee compromised by a fake job offer.

- The breach involved unauthorized access to internal liquidity wallets, with funds siphoned through six wallets after a 1 USDT test transfer.

- Arrested employee Rahul Agarwal admitted moonlighting; experts linked the attack to North Korea-linked Lazarus Group, citing similarities to the 2024 WazirX heist.

- CoinDCX CEO confirmed customer funds remained secure, dismissed acquisition rumors, and emphasized strengthening cybersecurity protocols post-incident.

- The case highlights crypto industry vulnerabilities in insider risks and endpoint security, urging enhanced vigilance against evolving cyber threats.

Hackers have successfully breached Indian cryptocurrency exchange CoinDCX, stealing $44 million in a sophisticated cyber heist that involved social engineering and malware tactics. According to reports, the attack was executed by compromising a company employee through a fake job offer, leading to unauthorized access to internal liquidity wallets. The breach was confirmed by CoinDCX CEO Sumit Gupta, who clarified that customer funds remained secure and that the loss was absorbed through the company’s corporate treasury [1].

The incident took place on July 19. The internal employee involved, Rahul Agarwal, was found to have used his company laptop for freelance work; at some point he received a suspicious WhatsApp call from a number in Germany, which led to the compromise of his system [2]. Shortly after, hackers siphoned $44 million from CoinDCX’s operational wallet. The attack began with a small test transfer of 1 USDT to a wallet at 2:37 am, followed by the large-scale withdrawal into six different wallets by 9:40 am the same day [1].
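The withdrawal pattern described above (a tiny test transfer to an unfamiliar address, then large outflows from the same operational wallet to several new addresses within a few hours) is exactly the kind of sequence an exchange's treasury monitoring can flag. The following is an added example written for this article, not code from CoinDCX or from either cited report. It assumes transfers are already priced in USD, that the exchange keeps an allow-list of trusted destinations (cold storage, market makers, verified customer addresses), and it uses constructed wallet names, addresses, amounts and thresholds chosen to mirror the timeline in the article.

```python
"""Detect a 'probe then drain' withdrawal pattern on exchange operational wallets.

Constructed example: a tiny transfer to a never-before-seen address, followed
within a few hours by large outflows from the same wallet to several fresh
addresses. All wallet names, addresses, amounts and thresholds below are
assumptions made for this illustration, not real records or real policy.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Transfer:
    ts: datetime
    wallet: str        # internal operational (hot) wallet the funds left
    dest: str          # destination address on chain
    asset: str
    amount_usd: float  # assumed: already converted to USD at transfer time


# Illustrative thresholds (assumptions, not any exchange's actual policy).
PROBE_MAX_USD = 5.0                    # "test" transfers are tiny
PROBE_WINDOW = timedelta(hours=12)     # how long after a probe we keep watching
DRAIN_TOTAL_USD = 1_000_000.0          # aggregate outflow that is alarming
DRAIN_MIN_FRESH_DESTS = 3              # spread across several new addresses


def detect_probe_then_drain(transfers, known_dests):
    """Return one alert per probe that is followed by a drain from the same wallet.

    known_dests: addresses the exchange already trusts (cold storage, market
    makers, previously verified customer addresses). Anything else is 'fresh'.
    """
    baseline = set(known_dests)
    events = sorted(transfers, key=lambda t: t.ts)

    # Pass 1: probes are tiny transfers to an address never seen before.
    seen = set(baseline)
    probes = []
    for t in events:
        if t.dest not in seen and t.amount_usd <= PROBE_MAX_USD:
            probes.append(t)
        seen.add(t.dest)

    # Pass 2: for each probe, total the same wallet's outflow in the window
    # that follows it and count destinations that were not in the baseline.
    alerts = []
    for p in probes:
        later = [t for t in events
                 if t.wallet == p.wallet and p.ts < t.ts <= p.ts + PROBE_WINDOW]
        outflow = sum(t.amount_usd for t in later)
        fresh = {t.dest for t in later if t.dest not in baseline}
        if outflow >= DRAIN_TOTAL_USD and len(fresh) >= DRAIN_MIN_FRESH_DESTS:
            alerts.append({
                "wallet": p.wallet,
                "probe_ts": p.ts,
                "probe_dest": p.dest,
                "outflow_usd": outflow,
                "fresh_destinations": len(fresh),
                "last_transfer_ts": max(t.ts for t in later),
            })
    return alerts


# --- Constructed sample data (not real transaction records) -----------------
def _t(hhmm, wallet, dest, asset, usd, day=19):
    hour, minute = (int(x) for x in hhmm.split(":"))
    return Transfer(datetime(2025, 7, day, hour, minute), wallet, dest, asset, usd)


KNOWN_DESTS = {"0xCOLD_STORAGE_A", "0xMARKET_MAKER_B"}

SAMPLE_TRANSFERS = [
    # Benign: large routine sweep to known cold storage; must not alert.
    _t("00:10", "hot-1", "0xCOLD_STORAGE_A", "USDT", 2_000_000.0),
    # Benign: tiny transfer to a new address with no follow-on outflow.
    _t("22:00", "hot-2", "0xNEW_CUSTOMER_C", "USDT", 2.5, day=18),
    # Suspicious: 1 USDT probe to a fresh address, then six large outflows.
    _t("02:37", "hot-1", "0xATTACKER_1", "USDT", 1.0),
    _t("07:55", "hot-1", "0xATTACKER_1", "USDT", 9_000_000.0),
    _t("08:10", "hot-1", "0xATTACKER_2", "ETH", 8_000_000.0),
    _t("08:25", "hot-1", "0xATTACKER_3", "ETH", 7_500_000.0),
    _t("08:40", "hot-1", "0xATTACKER_4", "SOL", 7_000_000.0),
    _t("09:05", "hot-1", "0xATTACKER_5", "USDT", 6_500_000.0),
    _t("09:40", "hot-1", "0xATTACKER_6", "ETH", 6_000_000.0),
]

if __name__ == "__main__":
    for a in detect_probe_then_drain(SAMPLE_TRANSFERS, KNOWN_DESTS):
        print(f"ALERT {a['wallet']}: probe {a['probe_ts']:%H:%M} -> "
              f"${a['outflow_usd']:,.0f} to {a['fresh_destinations']} fresh "
              f"addresses by {a['last_transfer_ts']:%H:%M}")
```

Run on the constructed sample, the routine cold-storage sweep and the lone tiny transfer produce nothing, while the 1 USDT probe on `hot-1` is reported once, with the six fresh destinations and the $44M aggregate. An alert fired after the fact is only the detective half; the preventive control the article's closing paragraph alludes to is a withdrawal policy that holds transfers to never-seen addresses above a threshold until a second operator approves them, so that a compromised endpoint alone cannot move operational funds.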

Agarwal, a permanent software engineer, was arrested following the breach. During police interrogation, he admitted to moonlighting and stated he was unaware of the theft until summoned by his employer. An FIR (First Information Report) filed by the company’s parent firm, Neblio Technologies, has led to a police case being registered under multiple sections of the Indian Information Technology Act [2]. The case also notes that Agarwal received $17,131 into his bank account from an unknown source, a detail that remains under investigation [2].

Cybersecurity experts have linked the attack to the Lazarus Group, a North Korean-linked hacking group known for targeting cryptocurrency exchanges. The breach bears similarities to the 2024 WazirX heist, in which $234 million was stolen using comparable tactics [2]. The incident highlights the growing threat of social engineering and insider risks in the crypto industry, as well as the need for more robust internal security protocols.

In the wake of the breach, rumors emerged about a potential acquisition of CoinDCX by US-based exchange Coinbase, with some media outlets suggesting the deal could value the firm below $900 million. However, CoinDCX CEO Sumit Gupta has dismissed these as unfounded, reaffirming the company’s focus on its Indian market and stating that CoinDCX is "not up for sale." The company is now working to restore trust with its user base and reinforce its cybersecurity measures.

The incident underscores the broader vulnerabilities within the cryptocurrency ecosystem, particularly when it comes to employee endpoint security and operational wallet management. As exchanges continue to face evolving cyber threats, the case serves as a stark reminder of the need for heightened vigilance and more comprehensive risk mitigation strategies.

Sources:

[1] Bengaluru Employee Arrested After $44M Crypto Theft – https://www.deccanherald.com/india/karnataka/bengaluru/employee-arrested-in-bengaluru-after-crypto-exchange-loses-44-million-in-major-hack-3656861

[2] CoinDCX Staff Held for $44M Heist, Hackers Exploit Login ... – https://cryptonews.com/news/coindcx-staff-held-for-44m-heist-hackers-exploited-login-credentials/
