The arrest marks a major breakthrough in one of India’s largest crypto heists and reveals how hackers used employee targeting to breach exchange security.
A software engineer at India’s largest cryptocurrency exchange has been arrested in connection with a $44 million theft that rocked the platform in July.
Employee Tricked Into Installing Malware
Bengaluru police arrested Rahul Agarwal, a 30-year-old software engineer who worked at CoinDCX for over two years. Investigators say hackers posed as recruiters offering freelance work to trick Agarwal into downloading malicious software on his company laptop.
The attack occurred on July 19, 2025, when someone used Agarwal’s login details to access CoinDCX’s internal systems. At 2:37 AM, the hackers made a small test transaction of 1 USDT token. By 9:40 AM, they had stolen $44 million and moved the funds across six different crypto wallets.
Police found that Agarwal’s bank account contained $17,000 from unknown sources. During questioning, he denied knowing about the hack but admitted to taking freelance jobs from clients he couldn’t identify. His company laptop was the only device found to be compromised during CoinDCX’s internal investigation.
How the Hack Unfolded
The theft targeted CoinDCX’s operational wallet, which the company uses for trading with partner exchanges. This wallet was separate from customer accounts, meaning user funds stayed safe throughout the attack.
Blockchain detective ZachXBT first spotted the suspicious activity and publicly reported the hack. The investigator criticized CoinDCX for waiting 17 hours before announcing the breach to users.
CoinDCX CEO Sumit Gupta confirmed the attack and called it a “sophisticated social engineering attack.” He explained that such attacks target company employees to gain unauthorized access to internal systems. The stolen funds were moved through multiple blockchain networks, making them difficult to track.

Source: @smtgpt
CoinDCX Background and Growth
Founded in 2018 by Sumit Gupta and Neeraj Khandelwal, CoinDCX has grown into India’s most valuable crypto company. The exchange serves over 16 million users and offers access to more than 500 different cryptocurrencies.
The company became India’s first crypto unicorn in 2021 after raising $90 million at a $1.1 billion valuation. In 2022, CoinDCX reached a peak valuation of $2.15 billion after securing $135 million from investors including Coinbase Ventures and Pantera Capital.
CoinDCX has raised a total of $247 million across six funding rounds from 36 investors. Major backers include Bain Capital Ventures, Leap Capital, and Polychain Capital.
India’s Crypto Security Concerns
This hack adds to growing security concerns for Indian crypto exchanges. Almost exactly one year earlier, another major Indian exchange called WazirX lost $235 million to hackers. The timing has raised questions about whether Indian platforms are being specifically targeted.
According to security firm CertiK, hackers stole $2.47 billion from crypto platforms in the first half of 2025 alone. This already exceeds all losses from 2024. The two largest thefts were the Bybit exchange losing $1.5 billion in February and Cetus Protocol losing $225 million in May.
Company Response and Recovery Efforts
CoinDCX launched a recovery bounty program offering up to 25% of any recovered funds to security experts who can help track down the stolen money. This could pay out up to $11 million, making it one of the largest crypto bounties in Indian history.
The exchange is working with cybersecurity firms and crypto forensics agencies to trace the stolen funds. They are also cooperating with law enforcement agencies investigating the case.
Recent reports suggested that Coinbase was considering acquiring CoinDCX at a discounted price following the hack. However, CEO Gupta quickly denied these rumors on social media, stating that the company is not for sale.
What This Means for Crypto Security
The CoinDCX incident shows how modern crypto attacks increasingly target human weaknesses rather than just technical vulnerabilities. Social engineering attacks like this one are becoming more common as hackers find it easier to trick employees than to break through security systems.
The case highlights the need for better employee training and stricter controls on company devices. It also demonstrates the importance of keeping operational funds separate from customer accounts, which prevented user losses in this case.
As the investigation continues, authorities are working to identify other people who may have been involved in the theft. The arrest of Agarwal represents progress, but questions remain about the full scope of the attack and whether other exchanges face similar threats.
Sven Luiv







