A software engineer at Indian cryptocurrency exchange CoinDCX has been arrested in connection with a major security breach that led to a loss of $44 million in digital assets. The arrest follows an internal investigation and a complaint filed by CoinDCX operator Neblio Technologies.
Engineer’s Credentials Allegedly Compromised
Rahul Agarwal, a 30-year-old staff engineer at CoinDCX, was taken into custody by Bengaluru police after it was discovered that hackers had gained access to the exchange’s systems using his work credentials. The breach reportedly occurred through Agarwal’s office-issued laptop, which authorities believe became infected with malware after he was tricked into installing it.
CoinDCX officials have suggested that the breach was likely the result of a sophisticated social engineering attack, which targeted Agarwal to obtain access to internal accounts. The company emphasised that such attacks are designed to deceive employees and bypass traditional cybersecurity measures.
$44 Million Siphoned Overnight
The hack took place during the night of 19 July, when unauthorised access was detected on the company’s servers. Initial suspicious activity involved a small transfer of 1 USDT (Tether stablecoin), followed by a massive outflow of $44 million to six separate crypto wallets.
CoinDCX co-founder and CEO Sumit Gupta confirmed the breach in a public post on X (formerly Twitter), stating that the hack targeted an internal account used for liquidity operations with another exchange. He assured the public that no user funds were affected and that the impacted account was isolated from customer assets.
Company Urges Caution Amid Ongoing Probe
In response to widespread media interest, CoinDCX has declined to comment directly on the arrest. Instead, Gupta urged the public and press to avoid speculation. “We urge the media and the public to avoid speculation or the circulation of unverified information, as it may impede the ongoing investigation,” he said.
A spokesperson for the company reiterated this position, noting that the internal findings point to a highly targeted attack and that CoinDCX is working closely with law enforcement agencies to uncover the full details of the breach.
Employee’s Background and Activities Under Scrutiny
According to reports in The Times of India and The Indian Express, Agarwal had been working with CoinDCX for over two years. His LinkedIn profile indicates he joined as a senior software engineer in May 2023 and was promoted to staff engineer in April 2025. While his role was initially remote, he later transitioned to working on-site in Bengaluru.
During the investigation, Agarwal reportedly admitted to undertaking freelance work for up to four private clients while employed at CoinDCX, a potential violation of company policy. However, he denied any involvement in the hack itself.
Internal Breach Raises Industry-Wide Concerns
This incident highlights the growing risk of social engineering attacks within the crypto sector. As reliance on remote and hybrid work environments increases, even internal accounts can become major vulnerabilities if proper security protocols are not rigorously maintained.
CoinDCX’s swift internal investigation and the subsequent arrest underscore the seriousness of the breach. As investigations continue, further details are expected to emerge about how hackers gained access to the company’s infrastructure through what appears to be a targeted malware operation.