🚨 Indian Police Unmask $44M CoinDCX Heist: Insider Malware Scheme Exposed
Another day, another crypto exchange gets gutted, but this time the thieves had a Trojan horse.
The Inside Job: Indian authorities just cracked a $44 million hack on CoinDCX, tracing it back to malware planted by someone with access. No brute force needed, just betrayal and a few keystrokes.
How It Went Down: Details are still emerging, but early reports suggest the attacker bypassed security layers using compromised credentials. Classic 'trust no one' moment for crypto custodians.
The Aftermath: CoinDCX claims user funds are safe (sound familiar?), while regulators sharpen their knives. Meanwhile, Bitcoin barely flinched, because why would it? Hackers gonna hack, exchanges gonna 'rebuild trust.'
The Kicker: Yet another reminder that in crypto, the biggest threats often wear lanyards, not balaclavas. But hey, at least it's not another 'rug pull'. Progress!

- A CoinDCX staff member was detained after hackers used his laptop to withdraw the company's funds.
- He was lured with a fake part-time job offer, and malware was planted on his device.
- CoinDCX says no user funds were lost and describes the incident as a targeted attack on staff.
Indian police have arrested a CoinDCX employee after a major security breach led to the theft of $44 million in crypto assets. Rahul Agarwal, a software engineer at the exchange, was taken into custody after investigators found that his work laptop had been used in the attack. The hackers reportedly approached him with a part-time job offer and used that as a trick to plant malware on his device.
According to Bengaluru police, the attack happened on the night of July 19. First, a small transaction involving a single USDT token was sent to an unknown wallet. Within hours, $44 million worth of crypto was drained and moved across six different wallets. CoinDCX operator Neblio Technologies flagged the activity and traced it back to Agarwal's company-issued laptop.
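The sequence police describe, a 1 USDT transfer to an unknown wallet followed within hours by a large drain, is a pattern that withdrawal monitoring can alert on. The following Python is an added example, not CoinDCX's or the article's code; the event log, addresses, allowlist, timestamps and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample log for a hypothetical treasury account:
# (timestamp, destination, amount in USDT). Only the shape follows the
# article: one 1-USDT transfer, then $44M to six wallets within hours.
ALLOWLIST = {"0xLIQ1", "0xLIQ2"}  # assumed pre-approved destinations
EVENTS = [
    ("2025-07-18T10:00:00", "0xLIQ1", 250_000.0),
    ("2025-07-19T21:05:00", "0xNEW0", 1.0),
    ("2025-07-19T23:40:00", "0xNEW1", 7_000_000.0),
    ("2025-07-19T23:44:00", "0xNEW2", 8_000_000.0),
    ("2025-07-19T23:51:00", "0xNEW3", 7_000_000.0),
    ("2025-07-19T23:58:00", "0xNEW4", 8_000_000.0),
    ("2025-07-20T00:06:00", "0xNEW5", 7_000_000.0),
    ("2025-07-20T00:10:00", "0xNEW6", 7_000_000.0),
]


def find_probe_then_drain(events, allowlist, probe_max=10.0,
                          window=timedelta(hours=6), drain_min=1_000_000.0):
    """Flag a tiny transfer to a non-allowlisted address that is followed,
    inside `window`, by large total outflows to non-allowlisted addresses."""
    rows = sorted((datetime.fromisoformat(ts), dst, amt)
                  for ts, dst, amt in events)
    alerts = []
    for i, (t0, dst0, amt0) in enumerate(rows):
        # A probe is small and goes somewhere the account never pays.
        if dst0 in allowlist or amt0 > probe_max:
            continue
        later = [(d, a) for t, d, a in rows[i + 1:]
                 if t - t0 <= window and d not in allowlist]
        total = sum(a for _, a in later)
        if total >= drain_min:
            alerts.append({
                "probe_time": t0.isoformat(),
                "probe_dest": dst0,
                "drained": total,
                "dest_count": len({d for d, _ in later}),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_probe_then_drain(EVENTS, ALLOWLIST):
        print(alert)
```

In a live pipeline the same condition is more useful as a hold rule: a probe-sized transfer to a new address puts later large withdrawals from that account into manual review instead of only raising an alert afterwards.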
CoinDCX Engineer Denies Involvement in Breach
The company launched an internal investigation, which pointed to unauthorized access through Agarwal's credentials. During questioning, he denied playing a role in the theft but admitted he had taken on freelance work for private clients while working full-time at CoinDCX. His laptop was meant strictly for official use.
Agarwal had been with the company for over two years. He joined as a senior software engineer in 2023 and was promoted to staff engineer in April 2025. Police say the malware was installed after he accepted what he believed was a freelance job, giving hackers a way into the company's systems.
CoinDCX CEO Sumit Gupta confirmed the breach but declined further comment due to the ongoing investigation. In a public post, he called it a sophisticated social engineering attack and said such attacks often target employees. He added that the company is fully cooperating with authorities and wants to protect the integrity of the investigation.
Some media reports have surfaced referencing the FIR we filed with the Karnataka Police regarding the security incident that impacted our platform.
As this is an ongoing investigation, we unfortunately cannot engage with the media or public on this issue. We want to ensure the…
No Customer Funds Affected, Says Company
While the stolen funds were tied to CoinDCX's internal accounts, the company has said that no user assets were affected. The compromised account was used for providing liquidity on another exchange. The breach has raised concerns about security practices in crypto firms, especially around employee device access.
Authorities are still working to identify the individuals behind the theft. CoinDCX has already taken steps to strengthen its internal controls and continues to assist the investigation led by the Bengaluru police.