Indian authorities have arrested a CoinDCX employee following a $44 million (₹384 crore) crypto theft that reportedly leveraged sophisticated social engineering tactics to breach one of the country’s largest crypto exchanges.
Bengaluru’s Whitefield police detained Rahul Agarwal, a software engineer from Jharkhand, on July 26. According to local media outlets, police claimed that Agarwal became the attack vector after he was lured by scammers with freelance gigs such as writing online reviews.
“He first used his personal laptop, but later switched to his office system after being urged by the fraudsters,” a senior officer told the Deccan Herald. That switch, they claimed, enabled the hackers to infect his work device with malware, giving them access to the wallet’s credentials.
"As the matter is currently under active investigation by the relevant authorities, we are unable to share further details at this point to ensure the integrity of the process is not compromised," a CoinDCX spokesperson told Decrypt. They requested that the media and public "avoid speculation or the circulation of unverified information, as it may impede the ongoing investigation."
Inside the CoinDCX hack
The CoinDCX breach began at 2:37 AM on July 19 with a test transfer of 1 USDT, followed by the major theft at 9:40 AM when $44 million (₹384 crore) was stolen. The cybercriminals transferred the funds across six separate digital wallets, targeting accounts used for liquidity provision rather than customer funds, according to exchange officials.
CoinDCX discovered the loss hours later and filed a police complaint on July 22 through Hardeep Singh, Vice President of Public Policy at Neblio Technologies, which operates the exchange.
"Agarwal was totally in the dark about the theft that has happened by hacking into his laptop. It was late for him to realise that he was used as a tool to siphon such a huge amount of cryptocurrency," a police official told The Indian Express.
By early 2024, Agarwal had reportedly earned approximately $18,000 (₹15 lakh) through these fake opportunities, unknowingly allowing hackers to install malware that provided system access.
Agarwal is currently in police custody as investigators review the earnings he claims came from the freelance gig.
Following the hack, CoinDCX confirmed that customer funds were unaffected and said it would cover the loss from its own treasury reserves.
The exchange also announced a bounty of 25% of any recovered assets to individuals or entities that assist in tracking down the attackers or retrieving the stolen funds.
Tracing stolen crypto
Law enforcement faces significant obstacles in recovering the stolen digital assets due to crypto’s borderless nature and limited regulatory frameworks.
"If it was a bank transfer, we could find a money trail. But it seems to be impossible as the origins of the wallets is also not from India," a senior police officer explained.
Hackers stole $2.2 billion (₹18,480 crore) globally in 2024, representing a 17% increase from the previous year, with infrastructure attacks accounting for nearly 70% of stolen funds, according to blockchain analytics firm TRM Labs’ 2025 Crypto Crime Report.
This isn’t the first time that hackers have used fake offers of work as a social engineering technique.
Last month, it emerged that North Korean hackers were using elaborate fake job interviews as a vector to install malware on crypto professionals’ devices. Analysts say India is an emerging hotspot, with attackers using cloned websites, deepfake interviews, and fraudulent HR platforms to deliver payloads.