CoinDCX Engineer Arrested in $44 Million Crypto Theft; Insider Breach Suspected

Rahul Agarwal, a CoinDCX employee arrested in connection with the $44 million (₹379 crore) crypto theft. Investigations revealed that hackers compromised Agarwal's login credentials to access the system and siphon off $44 million.

What Happened

• On July 19, CoinDCX detected suspicious activity starting with a test transfer of 1 USDT at 2:37 AM.
• By 9:40 AM, hackers had siphoned off $44 million in crypto assets, transferring them to six different wallets.
• The breach targeted CoinDCX’s internal liquidity account, not user funds.

The Employee: Rahul Agarwal

• Age: 30
• Role: Staff Engineer at CoinDCX, promoted in April 2025
• Location: Bengaluru, originally from Haridwar
• Work History: Joined CoinDCX in May 2023 as a senior software engineer

How the Breach Occurred

• Investigators found that Rahul’s work laptop was compromised, allowing unauthorized access to CoinDCX’s servers.
• He allegedly received a WhatsApp call from a German number and was sent files that may have contained malware.
• Rahul admitted to moonlighting for 3–4 private clients, which may have exposed his system.

Suspicious Transactions

• ₹15 lakh was deposited into Rahul’s bank account from an unknown source, raising further suspicion.

Legal Action & Investigation

• Rahul was detained on July 26 by the Whitefield CEN crime police.
• CoinDCX operator Neblio Technologies filed the complaint and is cooperating with authorities.
• The company suspects a sophisticated social engineering attack, possibly involving external collaborators.

Broader Implications

• This case highlights the vulnerabilities in internal cybersecurity and the risks of insider threats in crypto firms.
• Cybercrime units are now tracing the multi-wallet laundering trail to recover stolen assets.

The first media outlet to report the CoinDCX $44 million crypto theft and the arrest of employee Rahul Agarwal was Times Now, as well as a post on X by Crypto India (below). 

Breaking : Coindcx employee Rahul Agarwal arrested in connection with the $44 Million Crypto theft reported by the company.

Investigations revealed that hackers compromised Agarwal's login credentials to access the system and siphon off $44 million. pic.twitter.com/s4kWP8BBra

— Crypto India (@CryptooIndia) July 31, 2025