Employee of Indian Crypto Exchange Arrested in $44M Hack

An employee of India’s leading cryptocurrency exchange, CoinDCX, has been arrested in connection with a $44 million crypto theft. Hackers infiltrated CoinDCX’s systems by targeting Rahul Agarwal, a CoinDCX employee, with a deceptive offer of freelance online work.

Main Incident

The actual hack unfolded in the early morning hours of July 19, 2025, when Agarwal, believing he was carrying out legitimate online assignments, unknowingly installed malware on his company-issued laptop. This malware allowed hackers to gain unauthorized access to CoinDCX’s wallet systems. A significant cryptocurrency transfer took place at 2:37 a.m., distributing funds to six different accounts.

Police revealed on July 30 that the hackers, having lured Agarwal with a fake part-time job, tricked him into installing malware on his work device, which he later used for freelance assignments. It was through this compromised laptop that the hackers accessed CoinDCX’s internal systems, enabling the $44 million theft.

  • Rahul Agarwal was arrested on July 26, 2025, by Bengaluru’s Whitefield police.
  • Agarwal had been working with CoinDCX for nearly three years.
  • An internal investigation found that Agarwal had received about $17,235 from his part-time gigs, though he denied knowledge of the hack.
  • The breach affected only CoinDCX’s corporate wallets; no customer funds were compromised.

“Agarwal was totally in the dark about the theft that has happened by hacking into his laptop,” a police official told local media, clarifying that he was used as a tool by the attackers.

Aftermath and Industry Reaction

  • The Whitefield police registered the case under various sections of the Information Technology Act and the Bharatiya Nyaya Sanhita.
  • Police also noted the impossibility of establishing a money trail once the assets are dispersed among multiple cryptocurrency wallets, especially given current regulatory challenges.

Why This Matters

This incident highlights the increasing vulnerability of major crypto exchanges to social engineering and malware attacks, especially when insiders are targeted by sophisticated scams. It underscores the absolute need for employee vigilance, stringent internal controls, and advanced endpoint security systems in India’s dynamic crypto landscape.

Recap

A trusted CoinDCX employee, manipulated through a fake part-time job, inadvertently installed malware on his company-issued laptop. This breach allowed hackers to access CoinDCX’s hot wallets and siphon $44 million, marking one of India’s biggest digital heists to date. Police revealed key details of the malware’s role and arrested the employee on July 26, 2025.
