Indian Crypto Exchange CoinDCX Loses $44M in Malware-Linked Theft

Generated by AI Agent, Coin World
Thursday, Jul 31, 2025, 8:00 am ET (1 min read)

Summary

- Indian crypto exchange CoinDCX lost $44M after malware on an employee's laptop enabled hackers to drain corporate liquidity wallets.

- The breach began with a suspicious WhatsApp call to Rahul Agarwal, who later admitted using the device for freelance work that may have exposed it to malware.

- Hackers used cryptocurrency mixers to obscure $44M transfers to foreign wallets, while Agarwal received $17,131 into his personal account from an unknown source.

- CoinDCX CEO Sumit Gupta confirmed the theft originated from corporate reserves, not user funds, and denied acquisition rumors while emphasizing robust financial reserves.

- Cybersecurity experts linked the attack to North Korea's Lazarus Group, highlighting growing risks from social engineering and insider vulnerabilities in crypto security.

Indian cryptocurrency exchange CoinDCX is currently under investigation following a $44 million theft linked to malware installed on the company-issued laptop of an employee, Rahul Agarwal [1]. The breach, which occurred on July 19, 2025, was initiated after Agarwal received a suspicious WhatsApp call from a number registered in Germany [2]. This call led to the installation of malicious software on his device, which was later used to access the exchange’s corporate liquidity wallets [2].

Hackers began siphoning funds at 2:37 am, with the first transfer of 1 USDT to an external wallet. Over the next six and a half hours, they moved the full $44 million into six separate foreign wallets, using cryptocurrency mixers to obscure the transaction trail [2]. Agarwal, a permanent software engineer, was reportedly unaware of the theft until contacted by his employer. During police interrogation, he admitted to performing freelance work using his company-issued laptop, a factor that may have exposed the device to the malware [1].

A formal police case has been registered under the Indian Information Technology Act, following a First Information Report (FIR) filed by Neblio Technologies, CoinDCX’s parent company [1]. Investigators found that Agarwal had also received $17,131 into his personal bank account from an unknown source, a detail that remains under scrutiny. Cybersecurity analysts have linked the attack to the Lazarus Group, a North Korea-linked hacking collective known for targeting cryptocurrency platforms [2]. The tactics used in this breach are similar to those in the 2024 WazirX heist, where $234 million was stolen through social engineering and malware [2].

CoinDCX CEO Sumit Gupta confirmed that the stolen funds were drawn from the company’s corporate treasury and not from user accounts. He emphasized that the company is prepared to fully reimburse the losses using its financial reserves, noting that CoinDCX’s annual revenue exceeds $132 million and is backed by strong investor support [1]. Gupta also denied reports of a potential acquisition by US-based exchange Coinbase, reiterating that CoinDCX is “not up for sale” and remains focused on its operations in India [1].

The incident underscores the growing threat of insider vulnerabilities and social engineering attacks in the crypto sector, particularly in the management of employee endpoint security and operational wallets. Experts stress the need for stronger internal security protocols, including enhanced monitoring of employee access and more robust authentication mechanisms for sensitive financial operations [2]. As cryptocurrency platforms continue to attract sophisticated cyberattacks, the incident serves as a cautionary tale for the industry to adopt more comprehensive risk mitigation strategies [2].
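The monitoring the experts call for can be made concrete. The following added example (not CoinDCX's or the article's code; the thresholds, address labels and sample log are constructed assumptions) is a Python hot-wallet outflow monitor that flags the pattern described above: a tiny probe transfer to an address outside the allowlist, followed within hours by large outflows to addresses outside it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Transfer:
    ts: datetime       # time the outflow was signed
    dest: str          # destination address (constructed placeholders below)
    amount_usd: float  # transfer value in USD

# Assumed thresholds; a real deployment tunes these per wallet.
PROBE_MAX_USD = 5.0               # a "1 USDT" style test transfer
LARGE_MIN_USD = 250_000.0         # single outflow worth an alert on its own
WINDOW = timedelta(hours=8)       # the drain described above ran ~6.5 hours after the probe
UNLISTED_LIMIT_USD = 1_000_000.0  # total tolerated to non-allowlisted addresses per WINDOW

def monitor(transfers, allowlist):
    """Return (kind, ts, detail) alerts for one hot wallet's outflow log.
    Rule 1: a tiny transfer to a non-allowlisted address is logged as a probe.
    Rule 2: a large transfer to a non-allowlisted address within WINDOW of a probe is a drain.
    Rule 3: non-allowlisted outflow above UNLISTED_LIMIT_USD within WINDOW is flagged."""
    probes, recent, alerts = [], [], []
    for t in sorted(transfers, key=lambda x: x.ts):
        if t.dest in allowlist:
            continue  # known treasury/cold address: not subject to these rules
        if t.amount_usd <= PROBE_MAX_USD:
            probes.append(t.ts)
            alerts.append(("probe_to_unlisted_dest", t.ts, f"{t.amount_usd:.2f} USD to {t.dest}"))
            continue
        recent = [(ts, a) for ts, a in recent if t.ts - ts <= WINDOW] + [(t.ts, t.amount_usd)]
        if t.amount_usd >= LARGE_MIN_USD and any(t.ts - p <= WINDOW for p in probes):
            alerts.append(("drain_after_probe", t.ts, f"{t.amount_usd:,.0f} USD to {t.dest}"))
        total = sum(a for _, a in recent)
        if total > UNLISTED_LIMIT_USD:
            alerts.append(("unlisted_volume", t.ts, f"{total:,.0f} USD to unlisted addresses in window"))
    return alerts

# Constructed sample log shaped like the article's timeline; not real chain data.
T0 = datetime(2025, 7, 19, 2, 37)
ALLOWLIST = {"cold_storage_A"}
SAMPLE = [
    Transfer(T0 - timedelta(hours=3), "cold_storage_A", 80_000.0),       # routine sweep
    Transfer(T0, "unlisted_1", 1.0),                                     # the 1 USDT probe
    Transfer(T0 + timedelta(minutes=20), "unlisted_1", 7_000_000.0),
    Transfer(T0 + timedelta(hours=2), "unlisted_2", 9_000_000.0),
    Transfer(T0 + timedelta(hours=6, minutes=30), "unlisted_3", 12_000_000.0),
]
if __name__ == "__main__":
    for kind, ts, detail in monitor(SAMPLE, ALLOWLIST):
        print(f"{ts:%H:%M} {kind}: {detail}")
```

Note that the probe address stays untrusted after the probe, so a drain sent to the same address as the test transfer is still caught.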

Sources:

[1] Bengaluru Employee Arrested After $44M Crypto Theft – https://www.deccanherald.com/india/karnataka/bengaluru/employee-arrested-in-bengaluru-after-crypto-exchange-loses-44-million-in-major-hack-3656861

[2] CoinDCX Staff Held for $44M Heist, Hackers Exploit Login ... – https://cryptonews.com/news/coindcx-staff-held-for-44m-heist-hackers-exploited-login-credentials/
