CoinDCX Employee Arrested in Ongoing Probe Into $44M Hack
On July 19, 2025, CoinDCX, a major Indian cryptocurrency exchange under Neblio Technologies, lost $44 million, worth approximately ₹378-384 crore, in a targeted hack.
The breach, which occurred between the hours of 2:37 AM and 9:40 AM, saw hackers siphon funds from an internal liquidity provisioning account to six external wallets with an initial 1 USDT test transfer.
During the hack, user funds were not affected, but the incident exposed critical vulnerabilities in the exchange’s security infrastructure. The funds were bridged from Solana to Ethereum, some of them going through Tornado Cash to mask their movement.
The CEN crime police in Bengaluru’s Whitefield arrested Rahul Agarwal, a 30-year-old CoinDCX software engineer, on July 26 in connection with the breach. Agarwal, employed since May 2023 and promoted to staff engineer in April 2025, had his login credentials compromised, which hackers exploited to access the exchange’s systems.
Some sources report that malware, likely delivered through WhatsApp from a German number offering a fake job, infected Agarwal’s work laptop. This sophisticated social engineering tactic exposes the growing risks of employee-targeted attacks in the crypto sector.
Investigation Points to Social Engineering and Insider Risks
Agarwal, a DevOps specialist, denied any direct role in the theft but acknowledged moonlighting for 3-4 private clients, a practice that may have exposed his credentials.
Authorities discovered ₹15 lakh, valued at approximately $17,100 USD, deposited into his account from an unknown source, raising questions about potential insider involvement.
The hack combined technical exploits with social engineering. Hackers deployed malware, possibly a keylogger, to steal Agarwal’s credentials, using a fake job offer as bait.
This approach is proof of the increasing sophistication of crypto heists, where attackers exploit human vulnerabilities to bypass strong technical security measures.
CoinDCX confirmed the breach targeted an internal account, not user wallets, as stated by CEO Sumit Gupta on X.
CoinDCX Responds
Following the hack, CoinDCX responded quickly by filing a police complaint on July 22, 2025, and launching a Recovery Bounty Program on July 21, offering up to 25% of the stolen funds, worth approximately $11 million, for any information that might result in their recovery.
Gupta’s tweet emphasized user fund safety, but the hack has led to public concern due to the exchange’s security issues.
The CoinDCX hack is the latest in a series of high-profile hacks, including the $234 million WazirX hack in 2024. The incident exposes the crypto industry’s vulnerability to advanced attacks and the need for strict employee training and secure credential management.
