July 31, 2025
5 min read
Helen Partz
CoinDCX engineer Rahul Agarwal was arrested in India after a 4M hack compromised his credentials via a social engineering attack.
CoinDCX Software Engineer Arrested Over $44M Crypto Exchange Hack
An employee of CoinDCX, a cryptocurrency exchange hacked for $44 million in mid-July, was arrested in India in connection with the security breach, according to multiple local reports. Bengaluru City police detained CoinDCX software engineer Rahul Agarwal after hackers allegedly compromised his login credentials to siphon the exchange’s assets, as reported by The Times of India. The arrest followed a complaint and internal investigation by CoinDCX operator Neblio Technologies, which found that Agarwal’s credentials had been compromised via his work laptop, allowing unauthorized access to the company’s servers. During questioning, as his laptop was seized, Agarwal, 30, denied involvement in the crypto theft but admitted to taking on part-time work for up to four private clients while still employed at CoinDCX.“Sophisticated social engineering attack”
CoinDCX declined to confirm or deny Agarwal’s arrest, referring to an X post by CoinDCX co-founder and CEO Sumit Gupta. Gupta stated the exchange cannot engage with media amid an ongoing investigation.“Based on our internal preliminary findings, this appears to be a sophisticated social engineering attack,” Gupta said, adding that employees are often targeted in such attacks.A CoinDCX spokesperson urged the media and public to avoid speculation or circulation of unverified information, as it may impede the ongoing investigation.
Agarwal’s professional background
According to Neblio’s vice president for public policy, Hardeep Singh, Bengaluru police said the arrested employee was a permanent staff member issued a laptop strictly for his role at CoinDCX. Agarwal came under investigation after Neblio discovered that an unknown individual hacked the system during the night of July 19 and transferred 1 USDt stablecoin to a wallet. Later that morning, hackers siphoned $44 million and transferred the funds to six wallets. Based on a LinkedIn profile purported to be Agarwal’s, the arrested employee had been with CoinDCX for over two years, building his career in the DevOps domain. He began as a senior software engineer in May 2023, working remotely from Bengaluru, Karnataka. After two years, he was promoted to staff engineer in April 2025, a position he currently holds on-site. According to The Indian Express, police officers said hackers tricked Agarwal into installing malware on his office laptop. The news came days after CoinDCX CEO Sumit Gupta reported the exchange was hacked on July 19. Gupta stated no user funds were affected by the exploit, explaining that hackers compromised one of CoinDCX’s internal accounts used for liquidity provisions with another exchange through a server breach.Source: Cointelegraph