CoinDCX Employee Arrested in $44M Crypto Hack, Denies Involvement

Indian police have arrested an employee of the crypto exchange CoinDCX in connection with a $44 million cryptocurrency theft but downplay the chances of recovery.

An employee at Indian crypto exchange CoinDCX has been arrested after a massive breach resulted in the theft of $44 million worth of cryptocurrency, with police investigations pointing to malware installed via a social engineering scam targeting the employee.

Rahul Agarwal, a software engineer who worked at CoinDCX for several years, fell victim to hackers posing as recruiters offering freelance work. Agarwal was tricked into downloading malicious software on his company laptop, which then allowed the attackers to compromise his login credentials and secretly access the exchange’s internal systems. Investigators say this attack relied on sophisticated social engineering—methods that manipulate targeted individuals to circumvent technical security measures.

The hack took place in the early hours of July 19, 2025. It started with a small test transaction, after which approximately $44 million was siphoned from CoinDCX’s wallet to six different accounts. Internal reviews found Agarwal’s company laptop was the sole compromised device, and authorities also discovered about $17,000 in his bank account from unknown sources. Agarwal has denied any direct involvement, claiming ignorance of the breach and explaining the funds as payments from freelance assignments.

CoinDCX’s CEO, Sumit Gupta, stated that preliminary findings show this was a targeted social engineering attack, and reassured users that customer wallets had not been affected by the breach. The platform has been cooperating with authorities, but recovering the stolen funds is considered highly challenging. Crypto’s unregulated environment and the use of privacy-enhancing tools by hackers make it almost impossible to trace or reclaim the assets once they have left the exchange’s control.

The case has highlighted critical vulnerabilities in crypto exchange security, especially the risk posed by insider threats and employee manipulation. Social engineering remains a major challenge for firms, as this type of attack focuses on human error rather than technical flaws. Authorities continue to investigate whether Agarwal was complicit or himself a victim, but stress that the lack of strict cryptocurrency regulations both within India and internationally significantly hinders recovery efforts.

Police have registered charges under various sections of the Information Technology Act and Indian Penal Code, but the focus remains on the broader issue of cybersecurity in the digital assets sector.

01 August 2025
Country: India
Topic: Law & Crime