Bengaluru Techie Arrested In $44 Mn CoinDCX Crypto Heist

SUMMARY

Bengaluru Police arrested Rahul Agarwal, a software engineer at CoinDCX, after hackers allegedly used his login credentials to exploit confidential financial processes

Agarwal denied any involvement in the theft but admitted to engaging in ‘moonlighting’

On July 19, CoinDCX suffered a cyberattack that drained $44.2 Mn from an internal wallet used for liquidity provisioning

The investigation into CoinDCX’s $44 Mn (nearly INR 380 Cr) crypto heist has led to a breakthrough, with Bengaluru Police reportedly arresting a software engineer at the company after hackers allegedly used his login credentials to exploit confidential financial processes.

A TOI report said that the arrested employee has been identified as Rahul Agarwal (30), a resident of the Carmelaram area, from Haridwar in Uttarakhand. The arrest follows a complaint by Neblio Technologies, which runs CoinDCX.

TOI reported that the case surfaced when Neblio Technologies’ vice president for public policy, Hardeep Singh, informed police of unusual activity on the company’s platform. An unknown person hacked into the CoinDCX system at 2.37 AM on July 19 and transferred one USDT to a crypto wallet. The breach escalated a few hours later, with around $44 Mn siphoned off to six different wallets.

An internal probe by the company revealed that only the security credentials of Agarwal’s office laptop had been compromised, giving the hacker access to CoinDCX’s servers. Agarwal’s device was subsequently seized. 

During police questioning, Agarwal denied any involvement in the theft but admitted to engaging in ‘moonlighting’ – undertaking freelance gigs for three to four separate private clients, whose credentials he said he did not know.

Meanwhile, Sumit Gupta, founder of CoinDCX, wrote on X, “…based on our internal preliminary findings, this appears to be a sophisticated social engineering attack. Naturally, in these attacks, employees of a company are targeted to gain unlawful access to internal systems of an organisation. We understand, at this point, the law enforcement agencies are investigating the matter to track and trace the hackers responsible for the attack.”

On July 19, CoinDCX suffered a cyberattack that drained $44.2 Mn from an internal wallet used for liquidity provisioning. Large volumes of Tether (USDT) and Solana (SOL) were moved from CoinDCX-linked wallets via the Jupiter aggregator on Solana. Investigators are watching the wallets where the stolen crypto has been parked for any activity. This would make it easier to trace the funds, though with no guarantee of recovering them.

Cybersecurity firms like Sygnia, Seal911 and Zero Shadows are also investigating the case. 

Following the heist, CoinDCX launched a bounty programme, offering up to 25% of any recovered assets, worth potentially around $11 Mn, as a reward to ethical hackers, bug bounty platforms, and security experts who assist in the recovery effort.

The startup claims that the siphoning of crypto has not impacted its investors or users, as it has absorbed the impact via its internal reserves. The incident is estimated to cost nearly 7.6% of CoinDCX’s internal fund reserves.

This is another wake-up call for crypto investors in India, following the WazirX crypto heist last year, in which $234 Mn worth of digital assets were stolen from its wallets; that case is still unresolved.
