A CoinDCX employee was tricked by a fake part-time job scam, allowing hackers to steal $44 million from the exchange’s internal wallet.
Employee Targeted Through Fake Job Offer
Bengaluru police have arrested Rahul Agarwal, an employee at the exchange, in connection with the major cyberattack on CoinDCX that led to the theft of $44.2 million in digital assets. Agarwal, originally from Jharkhand, had been with CoinDCX for over three years and held a well-paying position within the firm.
According to investigators, Agarwal unknowingly became the conduit for the hack after he was lured by cybercriminals through a fake job offer. He was initially asked to complete simple online tasks, such as writing reviews, in exchange for money. The attackers then convinced him to use his company-issued laptop to continue the assignments, giving them access to the exchange’s internal systems.
Attack Breached Internal Wallet Systems
The breach occurred on July 19 and specifically targeted an internal wallet used for liquidity provisioning. Using Agarwal’s compromised device, the attackers accessed CoinDCX’s infrastructure, operated by Neblio Technologies. Large amounts of Solana (SOL) and Tether (USDT) were drained via the Jupiter aggregator on the Solana network. Agarwal’s office laptop has been seized as part of the ongoing investigation.
Police believe the hackers exploited Agarwal’s corporate privileges to approve unauthorized crypto withdrawals. Agarwal has claimed he was unaware of the malicious intent behind the tasks until he was questioned during the company’s internal probe.
However, Hardeep Singh, a senior executive at CoinDCX’s parent company, Neblio Technologies, has alleged that Agarwal was in cahoots with the perpetrators.
Recovery Efforts Underway
The stolen crypto assets have been moved to external wallets, which are now being monitored by authorities. While investigators are tracking these wallets for any movement that might help trace the funds, there is currently no guarantee of recovery. Officials have also indicated a possible involvement of foreign entities, but no group has claimed responsibility.
In response, CoinDCX has launched a bounty program offering up to 25% of any recovered assets, potentially around $11 million, to white-hat hackers and cybersecurity professionals who assist in the investigation.
Despite the scale of the theft, CoinDCX has stated that customer funds remain unaffected. The exchange has absorbed the loss using its internal reserves, with the stolen amount estimated to represent approximately 7.6% of those funds. The platform continues to operate normally, and investigations are ongoing.
Source: https://cryptodaily.co.uk/2025/08/coindcx-employee-unwittingly-enables-44m-crypto-hack