In a major breach of trust, Rahul Agarwal, an engineer at cryptocurrency exchange CoinDCX, has been taken into custody over allegations of stealing $44 million from the company. Investigators from the Mumbai Cyber Crime Unit say the theft occurred after hackers reportedly accessed the firm’s systems using Agarwal’s compromised login details, obtained through what they describe as a highly targeted social engineering scheme.
The breach unfolded on July 19 when hackers first tested system vulnerabilities with a $1 transaction before draining $44 million from the exchange's internal liquidity wallets just hours later. Police confirmed the attackers specifically targeted Agarwal, a DevOps staff engineer promoted to a high-access role last April, by sending malware-laden files through a WhatsApp call originating from Germany.
Investigators say Rahul Agarwal broke company security rules by using his CoinDCX work laptop for side gigs with outside clients. Not long after the $44 million theft, about ₹15 lakh (around $17,000) from unknown sources landed in his personal bank account, a detail that has fueled suspicions he may have helped the attackers from the inside.
CoinDCX CEO Sumit Gupta described the incident as “alarmingly sophisticated” but stressed that customer funds weren’t touched, and the company absorbed the loss from its own reserves. The case is now India’s second big crypto exchange breach in less than two years, after the $230 million hack at WazirX in 2024. Cybercrime teams are chasing the missing funds through six crypto wallets and have put up an $11 million bounty for their recovery. Agarwal is facing charges of aggravated theft and unauthorized access, while international investigators follow leads tied to a German phone number linked to the hack.