The arrest marks a major breakthrough in one of India’s biggest crypto heists and reveals how hackers used employee targeting to breach exchange security.
A software engineer at India’s largest cryptocurrency exchange has been arrested in connection with a $44 million theft that rocked the platform in July.
Employee Tricked Into Installing Malware
Bengaluru police arrested Rahul Agarwal, a 30-year-old software engineer who worked at CoinDCX for over two years. Investigators say hackers posed as recruiters offering freelance work to trick Agarwal into downloading malicious software on his company laptop.
The attack happened on July 19, 2025, when someone used Agarwal’s login details to access CoinDCX’s internal systems. At 2:37 AM, the hackers made a small test transaction of one USDT token. By 9:40 AM, they had stolen $44 million and moved the funds across six different crypto wallets.
Police found that Agarwal’s bank account contained $17,000 from unknown sources. During questioning, he denied knowing about the hack but admitted to taking freelance jobs from clients he couldn’t identify. His company laptop was the only device found to be compromised during CoinDCX’s internal investigation.
How the Hack Unfolded
The theft targeted CoinDCX’s operational wallet, which the company uses for trading with partner exchanges. This wallet was separate from customer accounts, meaning user funds stayed safe throughout the attack.
Blockchain detective ZachXBT first spotted the suspicious activity and publicly reported the hack. The investigator criticized CoinDCX for waiting 17 hours before announcing the breach to users.
CoinDCX CEO Sumit Gupta confirmed the attack and called it a “sophisticated social engineering attack.” He explained that such attacks target company employees to gain unauthorized access to internal systems. The stolen funds were moved through multiple blockchain networks, making them difficult to track.
Source: @smtgpt
CoinDCX Background and Growth
Founded in 2018 by Sumit Gupta and Neeraj Khandelwal, CoinDCX has grown into India’s most valuable crypto company. The exchange serves over 16 million users and offers access to more than 500 different cryptocurrencies.
The company became India’s first crypto unicorn in 2021 after raising $90 million at a $1.1 billion valuation. In 2022, CoinDCX reached a peak valuation of $2.15 billion after securing $135 million from investors including Coinbase Ventures and Pantera Capital.
CoinDCX has raised a total of $247 million across six funding rounds from 36 investors. Major backers include Bain Capital Ventures, Jump Capital, and Polychain Capital.
India’s Crypto Security Problems
This hack adds to growing security concerns for Indian crypto exchanges. Almost exactly one year earlier, another major Indian exchange called WazirX lost $235 million to hackers. The timing has raised questions about whether Indian platforms are being specifically targeted.
According to security firm CertiK, hackers stole $2.47 billion from crypto platforms in the first half of 2025 alone. This already exceeds all losses from 2024. The two biggest thefts were the Bybit exchange losing $1.5 billion in February and Cetus Protocol losing $225 million in May.
Company Response and Recovery Efforts
CoinDCX launched a recovery bounty program offering up to 25% of any recovered funds to security experts who can help track down the stolen money. This could pay out up to $11 million, making it one of the largest crypto bounties in Indian history.
The exchange is working with cybersecurity firms and crypto forensics agencies to trace the stolen funds. It is also cooperating with law enforcement agencies investigating the case.
Recent reports suggested that Coinbase was considering acquiring CoinDCX at a discounted price following the hack. However, CEO Gupta quickly denied these rumors on social media, stating that the company is not for sale.
What This Means for Crypto Security
The CoinDCX incident shows how modern crypto attacks increasingly target human weaknesses rather than just technical vulnerabilities. Social engineering attacks like this one are becoming more common as hackers find it easier to trick employees than to break through security systems.
The case highlights the need for better employee training and stricter controls on company devices. It also demonstrates the importance of keeping operational funds separate from customer accounts, which prevented user losses in this case.
As the investigation continues, authorities are working to identify other people who may have been involved in the theft. The arrest of Agarwal represents progress, but questions remain about the full scope of the attack and whether other exchanges face similar threats.
Source: https://bravenewcoin.com/insights/coindcx-software-engineer-arrested-after-44-million-crypto-exchange-hack