Bengaluru police have arrested a software engineer in connection with a massive cryptocurrency theft worth $44 million (Rs 379 crore) from CoinDCX, one of India’s leading crypto trading platforms.
The arrest of Rahul Agarwal, a 30-year-old resident of Carmelaram area originally from Haridwar, Uttarakhand, marks a significant breakthrough in what has become one of the largest cryptocurrency heists in the country.
The investigation began after Neblio Technologies, which operates the CoinDCX platform, filed a complaint reporting the theft.
The incident has raised serious questions about cybersecurity protocols in the rapidly growing cryptocurrency sector and highlighted the vulnerabilities that can arise from compromised employee credentials.
The sophisticated cyber attack occurred on July 19, beginning at 2:37 AM when an unknown hacker initially transferred one USDT token to test the system’s vulnerabilities.
According to Hardeep Singh, Neblio’s vice-president for public policy, the real damage occurred around 9:40 AM the same day when the attacker successfully siphoned off the entire $44 million and distributed it across six different cryptocurrency wallets.
Rahul Agarwal, who was employed as a permanent staff member at CoinDCX, had been provided with a company laptop strictly for office work.
However, the internal investigation revealed that his security credentials had been fatally compromised, providing hackers with unauthorized access to the company’s critical financial systems.
The breach exploited the trust-based access systems that many tech companies rely on for their operations.
The Whitefield CEN crime police, who handled the investigation, discovered that the hackers had specifically targeted Agarwal’s laptop to gain entry into CoinDCX’s secure servers.
This method of attack, known as credential stuffing or insider-assisted breaches, represents a growing threat to financial technology companies that handle large volumes of digital assets.
Moonlighting Activities and Suspicious Foreign Contact
During police questioning after his arrest on July 26, Agarwal initially claimed innocence regarding the cryptocurrency theft.
However, he admitted to engaging in unauthorized moonlighting activities, working with three to four private parties without informing his employer about these additional commitments or their credentials.
The investigation took a crucial turn when Agarwal revealed he had received a WhatsApp call from a German phone number regarding file transfers.
According to police statements, the caller had sent him several files for completion, with Agarwal acknowledged that one of these files could have been malicious bait used by hackers to infiltrate his official systems.
This revelation suggests a sophisticated social engineering attack where cybercriminals posed as legitimate clients to gain access to sensitive corporate systems.
Agarwal maintained that he was unaware of the theft until his company contacted him, claiming he had unknowingly become a conduit for the attack through his freelance activities.
The case has been registered under various sections of the Information Technology Act, reflecting the complex nature of cybercrime investigations in the cryptocurrency sector.
Account Before Crypto Heist
Perhaps the most damning evidence against Agarwal emerged when investigators discovered that Rs 15 lakh had been transferred to his bank account from an unknown source prior to the cryptocurrency theft.
According to Report, CoinDCX, as one of the country’s most prominent crypto exchanges, now faces the challenge of rebuilding customer confidence.
This financial transaction has raised serious questions about whether Agarwal was an unwitting victim or a willing participant in the elaborate scheme.
The timing of this payment, combined with his admission of working with unknown private parties and receiving suspicious files from international numbers, has strengthened the case against him.
Police investigators are now working to trace the source of these funds and determine whether they represent payment for his alleged cooperation in the heist.
The arrest has sent shockwaves through India’s cryptocurrency community, which has been working to build trust and regulatory compliance in an increasingly scrutinized sector.
CoinDCX, as one of the country’s most prominent crypto exchanges, now faces the challenge of rebuilding customer confidence.
The case highlights the critical importance of robust cybersecurity protocols, employee background verification, and monitoring of staff activities, particularly in companies handling valuable digital assets.
As investigations continue, this incident may prompt industry-wide reviews of security practices and employee access controls in the cryptocurrency sector.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
 from CoinDCX.){kind=link}