Highlights:
- A CoinDCX employee has been arrested after hackers used his work laptop to steal from internal company accounts.
- Police say a job scam tricked the CoinDCX employee into installing malware that enabled access to company systems.
- CoinDCX has offered a bounty to recover stolen funds and has denied rumors about a Coinbase acquisition deal.
Police in Bengaluru arrested Rahul Agarwal, a CoinDCX staff engineer, after a breach led to the theft of $44 million in digital assets. The hack took place on July 19 when attackers accessed one of CoinDCX’s internal wallets used for liquidity. Investigators found that hackers used Agarwal’s official login credentials to access the company’s systems.
Breaking: CoinDCX employee Rahul Agarwal arrested in connection with the $44 Million Crypto theft reported by the company.
Investigations revealed that hackers compromised Agarwal's login credentials to access the system and siphon off $44 million.
— Crypto India (@CryptooIndia) July 31, 2025
The attackers began by transferring one USDT to a test wallet in the early morning hours. A few hours later, they moved a total of $44 million to six different wallets. CoinDCX’s operator, Neblio Technologies, discovered the breach and reported it to law enforcement. During the investigation, the company confirmed that the hackers targeted only internal wallets and did not access any customer funds.
Authorities seized Agarwal’s company-issued laptop, which became the focal point of the investigation. The internal team at CoinDCX determined that the attackers exploited a vulnerability in the system linked to Agarwal’s device. According to the police, the employee had been issued the laptop exclusively for business-related use and had used it at the company office in Bengaluru. The engineer had worked at CoinDCX since 2023 and was promoted in April this year.
Police Suspect Job-Bait Malware Triggered the CoinDCX Security Breach
Investigators believe that attackers posed as recruiters and convinced Agarwal to install malware on his work laptop. According to police, the hackers approached him with a fake part-time job offer. During their communication, they sent malware disguised as job-related content. After installation, the malware gave the attackers remote access, allowing them to bypass CoinDCX’s internal systems.
Police linked this interaction to the timeline of the breach, which started at 2:37 a.m. when a trial transaction of one USDT was made. The hackers then drained $44 million from the exchange wallet. The company’s internal audit linked the unauthorized access to the arrested employee’s laptop and login credentials. Agarwal acknowledged having taken up freelance tasks for clients but denied any involvement in the breach.
Sumit Gupta, the CEO of the hacked company, described the breach as a sophisticated social engineering attack in a recent tweet. He urged the public and media to avoid speculation and to rely only on confirmed details. Gupta stated that such social engineering attacks are often used against employees in the crypto sector. Neblio’s vice president for public policy, Hardeep Singh, confirmed that Agarwal remained a permanent employee at the time of the breach.
Some media reports have surfaced referencing the FIR we filed with the Karnataka Police regarding the security incident that impacted our platform.
As this is an ongoing investigation, we unfortunately cannot engage with the media or public on this issue. We want to ensure the…
— Sumit Gupta (CoinDCX) (@smtgpt) July 31, 2025
CoinDCX Distances Itself as Arrested Engineer Denies Role in Crypto Theft
CoinDCX did not respond directly to the arrest of Agarwal and instead cited a post by Gupta in an announcement on X. The company recently announced a Recovery Bounty Program offering up to 25% of the stolen amount.
The arrested CoinDCX employee has denied any involvement but acknowledged using his work laptop for other paid work. Despite this admission, he stated that he was unaware that his machine had been hacked. Meanwhile, investigators are tracking the flow of stolen funds. CoinDCX has recently denied claims of an acquisition by Coinbase. The CEO specifically stated that the company is focused on expanding in the Indian crypto market.