
CoinDCX Employee’s Credentials Hacked in $44M Crypto Theft

  • Hackers used an employee’s credentials to steal $44M (₹379 Cr) from CoinDCX wallets.
  • CoinDCX staff arrested after cybercriminals exploited his office-issued laptop.
  • Stolen crypto routed through 6 wallets, complicating asset tracking and recovery.

In a significant development in the CoinDCX cryptocurrency theft case, Bengaluru Police have arrested a company employee, Rahul Agarwal, following a cyber breach involving $44 million (₹379 crore). The incident has raised critical concerns about internal cybersecurity protocols within India’s major crypto exchanges.

CoinDCX, one of India’s leading cryptocurrency trading platforms, detected suspicious activity in its systems during the early hours of July 19, 2025. A test transaction of 1 USDT was identified at 2:37 a.m., followed by a major unauthorized transfer of $44 million (₹379 crore) a few hours later. The stolen assets were routed through six unidentified wallets in an attempt to conceal the trail.

Employee Arrested Over Credential Misuse

Rahul Agarwal, a software developer who works at CoinDCX, has been arrested over the cyber-heist. According to Bengaluru Police, his login credentials were compromised and used to gain access to the company’s systems. Agarwal was reportedly using his official laptop to freelance online, which investigators believe may have led to the breach.

Authorities have indicated that Agarwal became entangled in an online job task scam. He is said to have been deceived into installing software or giving out his login details while carrying out simple online tasks such as writing reviews. This undermined the security of the official laptop that CoinDCX had provided for work-related tasks.

Further forensic analysis confirmed the transactions originated from Agarwal’s office-issued device. The evidence pointed to unauthorized access that aligned with the timeline of the crypto heist. He was taken into custody after an FIR was filed on July 22 by Hardeep Singh, Vice President of Public Policy and Government Affairs at CoinDCX’s parent company, Neblio Technologies.

Theft Involved Sophisticated Laundering Techniques

The hackers funneled the stolen funds through multiple digital wallets using sophisticated laundering techniques that made it impossible to track the money flow. According to the authorities, the first transfer, worth 1 USDT, was used as a test, and the largest took place at around 9:40 a.m. on July 19. Police are tracing the flow of the money with the help of cyber forensic teams.

Police have stated that the attackers exploited weaknesses in internal access mechanisms after acquiring Agarwal’s user ID and password. This resulted in the unauthorized transfer of funds from CoinDCX’s wallets to six unknown wallets. Cybercrime researchers believe that external hackers must have colluded with insiders, which contributed further to the breach.

The inquiry continues, and the authorities affirm that CoinDCX is fully cooperating with the investigation. The company also stated that it is collaborating with cybersecurity experts to identify where the stolen money is going. It declined to give more information, citing the ongoing investigation.


Security Protocols Under Scrutiny

The theft and the arrest have raised questions about security measures at CoinDCX and other fintech companies that have sprung up in India. Industry observers believe this case could lead to a reconsideration of cybersecurity protocols, especially regarding employee device use and credentials.

Investigators are not ruling out the possibility of further arrests. They are exploring whether Agarwal had direct contact with the perpetrators or was solely an unwitting accomplice. The hackers’ use of multiple wallets has made recovery of the funds difficult; however, law enforcement officers remain positive about tracking the funds.

Disclaimer: The information provided by CryptoTale is for educational and informational purposes only and should not be considered financial advice. Always conduct your own research and consult with a professional before making any investment decisions. CryptoTale is not liable for any financial losses resulting from the use of the content.
