CoinDCX Hit by $44M Social Engineering Hack After Staff Engineer’s Breach

Generated by AI Agent Coin World
Thursday, Jul 31, 2025 7:32 pm ET | 2 min read
Aime Summary

- Indian crypto exchange CoinDCX lost $44M in a social engineering hack after an employee's credentials were compromised via malware.

- Staff engineer Rahul Agarwal, arrested for part-time freelance work and suspicious file exchanges, enabled hackers to access internal systems.

- The breach highlighted insider threat risks as CoinDCX delayed disclosure by 17 hours and faced criticism for weak internal monitoring.

- CoinDCX launched an $11M recovery bounty program, emphasizing the need for stronger employee security training and proactive cyber protocols.

An Indian cryptocurrency exchange, CoinDCX, has been reeling from a major security breach in which $44 million was stolen. The incident, detected on July 19, was traced back to compromised credentials of an employee, Rahul Agarwal, a staff engineer at the firm. According to the investigation, the breach was initiated after Agarwal opened suspicious files or clicked on malicious links sent to his work-issued laptop, enabling hackers to install malware and gain unauthorized access to the system [1].

Agarwal admitted to working part-time for four freelance clients during his employment at CoinDCX, a fact that has led to increased scrutiny and suspicion. He reportedly received ₹15 lakh ($17,000) from unknown sources and exchanged files with overseas clients via WhatsApp from foreign phone numbers. Experts suspect that one of these files could have been a Trojan, granting hackers full access to internal systems [1].

The attack is being classified as a social engineering incident rather than a traditional cyberattack, as no technical vulnerability in CoinDCX’s infrastructure was exploited. The company’s co-founder and CEO, Sumit Gupta, stated that the breach was a result of human error rather than a system flaw. This perspective underscores the growing risks associated with insider threats and the importance of robust internal security protocols [1].

Following an alert from on-chain investigator ZachXBT, CoinDCX took 17 hours to publicly disclose the hack. Critics have questioned the delay, highlighting the need for more transparent and timely communication in cybersecurity incidents. The delayed response has fueled further scrutiny over the company’s internal monitoring and incident response capabilities [1].

On July 26, the Bengaluru Police Cyber Crime Division arrested Agarwal after a complaint was filed by CoinDCX’s parent company, Neblio Technologies. Agarwal’s LinkedIn profile reveals that he had joined CoinDCX two years ago and was recently promoted to staff engineer. His remote working arrangement, while common in the tech industry, may have contributed to the lack of direct oversight [1].

Authorities believe the hackers struck at a precise moment, using the infected laptop as a backdoor into the company’s internal accounts. The initial breach targeted an account used for liquidity provision with another exchange before the hackers siphoned off $44 million into six crypto wallets [1].

In response to the breach, CoinDCX has launched a Recovery Bounty Programme, offering a reward of up to $11 million—25% of any recovered funds—marking one of the largest bounty programs in India’s crypto sector. The company has also assured that customer funds were not affected, as the breach targeted internal corporate wallets rather than user accounts [1].

This incident highlights the critical need for stronger internal cybersecurity measures, including employee training on phishing and social engineering tactics. It also raises questions about the adequacy of current protocols in protecting sensitive systems from insider threats. As the crypto industry continues to expand, the frequency and sophistication of such attacks are expected to rise, making proactive security strategies more essential than ever [1].

Source: [1] CoinDCX Employee Arrested After $44M Hack Rocks Crypto Exchange (https://www.livebitcoinnews.com/coindcx-employee-arrested-after-44m-hack-rocks-crypto-exchange/)
