In a shocking breach of trust, CoinDCX engineer Rahul Agarwal was arrested for his alleged involvement in the theft of $44 million from the cryptocurrency exchange where he worked. According to Mumbai Cyber Crime Unit reports, hackers gained access to the company's systems by compromising Agarwal's credentials in what investigators describe as a sophisticated social engineering attack.
The breach unfolded on July 19 when hackers first tested system vulnerabilities with a $1 transaction before draining $44 million from the exchange's internal liquidity wallets just hours later. Police confirmed the attackers specifically targeted Agarwal, a DevOps staff engineer promoted to a high-access role last April, by sending malware laden files through a WhatsApp call originating from Germany.
Authorities revealed Agarwal violated company security policies by using his work laptop for freelance projects with unauthorized clients. Investigators discovered ₹15 lakh ($17,000) from undisclosed sources deposited into his personal bank account shortly after the theft, raising suspicions of insider collaboration. CoinDCX CEO Sumit Gupta called the attack "alarmingly sophisticated" but emphasized user funds remained unaffected, with losses covered by company reserves.
The arrest marks India's second major crypto exchange breach in 18 months, following WazirX's $230 million theft in 2024. Cybercrime units continue tracking the stolen funds across six cryptocurrency wallets and have offered an $11 million recovery bounty. Agarwal faces charges of aggravated theft and unauthorized system access as international investigators pursue leads related to the German phone number used in the attack.