CoinDCX Software Engineer Arrested in Connection to $44 Million Hack (Report)

The Indian exchange is the latest victim of bad actors exploiting vulnerabilities and taking control of internal systems, resulting in millions of dollars being lost.

The losses this year, overall, are already in the billions, and, regrettably, continue to increase at an alarming pace.

Details on What Happened

A local Indian news outlet, The Times of India, shared the story about Rahul Agarwal, a staff member of the CoinDCX exchange, whose login information was compromised. He has been taken into custody by Bengaluru authorities, reportedly linked to a ₹379-crore ($44 million) exploit of funds.

The alarm was raised following a complaint by Nebilo Technologies, the company that runs the exchange. Their Vice President for public policy, Hardeep Singh, stated the following:

“Rahul had a permanent role within the company, and he was provided with a laptop strictly for work. Our investigation began after we discovered that an unknown person had gained unauthorized access to our systems on July 19th, around 2:30 am, by transferring 1 USDT to an external wallet. Several hours later, around 9:30 a.m., the $44 million was siphoned off and distributed among six wallets.

During his questioning by the police, Agarwal maintained his innocent stance, claiming he knew nothing about the hack. However, he did admit to “moonlighting” (working a second job outside regular business hours) with three to four private parties, without thoroughly vetting them. 

It’s further noted that the accused received ₹15 lakh (~$17,000) in his personal bank account from an unknown source. The Bengaluru police also point out that Agarwal claimed to have received a phone call from a German phone number, stating he “had a few files to complete.” 

He believes one of those files was fitted with malware, which granted the attackers access to CoinDCX’s internal systems, and he remained adamant that he was unaware of what was happening until the company summoned him.

The exchange’s founder and CEO, Sumit Gupta, shared the bitter news of the attack on X, calling it a “sophisticated social engineering attack,” but without being able to disclose any further information on what had transpired.

Some media reports have surfaced referencing the FIR we filed with the Karnataka Police regarding the security incident that impacted our platform.

As this is an ongoing investigation, we unfortunately cannot engage with the media or public on this issue. We want to ensure the…

— Sumit Gupta (CoinDCX) (@smtgpt) July 31, 2025

Hefty Losses

Unfortunately, the attacks on crypto exchanges are on the rise, increasing in complexity, and the damage to their coffers is significant.

The most notable example is the hack on Bybit in February, which resulted in a $1.5 billion loss, linked to the North Korean Lazarus Group.

Overall, 2025 has seen enormous amounts of funds stolen, topping records from previous years only during the first half of the year.

These incidents serve as an example of how geopolitical tensions, cybersecurity vulnerabilities, and sophisticated adversaries continue to pose a significant risk to even well-established cryptocurrency platforms.