CoinDCX Employee Was Offered A Job Before the $44 M Exploit

Bengaluru police have uncovered that a CoinDCX employee, a software engineer, was offered a part-time job by the hackers, who then installed malware on the system before carrying out the $44 million exploit of the Indian cryptocurrency exchange CoinDCX.

In a developing story, police have found that a deceptive job scam exploited an unsuspecting employee and led to the theft of approximately $44 million in digital assets.

CoinDCX reported a major security breach a couple of weeks ago, with authorities revealing that the incident stemmed from a social engineering scheme in which cybercriminals posed as legitimate recruiters to gain access to the company’s internal systems.

How did the CoinDCX employee fall prey to the scam? 

According to law enforcement officials, the attackers targeted a CoinDCX employee, a software engineer employed by Neblio Technologies, the operating company behind CoinDCX, and tricked him into installing malware under the guise of a part-time job opportunity.

Police allege that the engineer, identified as 30-year-old Rahul Agarwal, was lured into downloading malicious software on his company-issued laptop.

This compromised device was subsequently used to infiltrate CoinDCX’s internal wallet infrastructure, ultimately enabling the unauthorized transfer of digital assets. Investigators believe the hackers leveraged Agarwal’s corporate login credentials to execute the theft.

What happens to Agarwal now? 

Following a forensic investigation and internal inquiry, Agarwal, the CoinDCX employee in question, was taken into custody earlier this week.

Police have seized his work laptop, which they say played a central role in facilitating the breach.

While Agarwal maintains that he was unaware of the malware or the broader scheme until confronted during the company’s internal investigation, authorities continue to probe his level of involvement.

CoinDCX co-founder and CEO Sumit Gupta had earlier attributed the loss to a server-side compromise affecting an internal operational wallet.

Gupta emphasized that customer funds remained untouched and that the company would fully absorb the financial losses stemming from the breach.

Law enforcement officials have yet to disclose the destination of the stolen funds, and the prospects for recovery remain uncertain.

However, authorities are investigating possible international links to the attack, with speculation that foreign actors may have orchestrated the operation. No group has claimed responsibility as of now.

The incident marks the second major breach involving an Indian cryptocurrency platform within a year. In July 2024, rival exchange WazirX fell victim to a $230 million exploit, allegedly carried out by North Korea’s notorious Lazarus Group.

The path to recovery

To accelerate recovery efforts, CoinDCX has announced a Recovery Bounty Programme, offering a reward of up to 25% of the stolen amount, equivalent to nearly $11 million, for information leading to the retrieval of the assets.

Authorities say the investigation is active and ongoing, with further arrests and international cooperation not ruled out.

The CoinDCX breach is a testament to the growing threat that cybercrime poses to the digital asset industry and to the sophistication of the social engineering tactics hackers employ to exploit organizational vulnerabilities.

A whopping $3.1 billion in cryptocurrency has been lost in the first six months of 2025 due to security issues like smart contract bugs, weak access controls, rug pulls, scams and malware campaigns. 


Rachael Kongahage
