A $44 million hack has shaken Indian crypto exchange CoinDCX, with police arresting a company engineer whose compromised laptop allegedly gave hackers access to the firm’s operational wallets.
Key Takeaways
- CoinDCX lost $44 million from an operational wallet on July 19 in a major security breach.
- Employee Rahul Agarwal was arrested, accused of unintentionally giving hackers access via malware.
- Authorities suspect social engineering, where scammers posed as recruiters to compromise the company laptop.
- Stolen funds may be unrecoverable, and investigations are ongoing with global exchanges.
What Happened
CoinDCX, one of India’s leading cryptocurrency exchanges, suffered a $44 million theft on July 19, 2025. Hackers infiltrated an internal operational wallet but left customer funds untouched. Bengaluru police later arrested Rahul Agarwal, a 30-year-old engineer at CoinDCX’s parent firm Neblio Technologies, after investigators traced the breach to his company-issued laptop.
Employee Arrest and Malware Trap
According to police reports, the attack began with a test transfer of 1 USDT at 2:37 a.m., followed by the draining of $44 million by 9:40 a.m. into six crypto wallets. Authorities believe hackers lured Agarwal into a fake part-time job or freelance assignment, convincing him to perform tasks that led to malware installation on his work device. Agarwal admitted to freelance work and receiving foreign payments, including a suspicious ₹15 lakh deposit (around $17,000), but denied involvement in the hack. Police described him as an unwitting tool, while internal investigations confirmed he had been working for three years at the company and switched from personal to office devices for side work, enabling the malware breach.
CoinDCX Calls It a Social Engineering Attack
CoinDCX CEO Sumit Gupta called the breach a “sophisticated social engineering attack”, emphasizing that user wallets were not compromised and all operations continued without disruption. He said the company’s treasury will absorb the loss, while customer funds remain safe. The firm is cooperating with police and other exchanges in an attempt to trace the stolen funds. However, investigators warn that recovering the crypto is nearly impossible if overseas wallet operators refuse to share data.
Transparency Concerns and Wider Crypto Context
The hack has sparked community debate over exchange transparency. Blockchain investigator ZachXBT alleged that CoinDCX delayed public disclosure by 17 hours, while a leaked Reddit message suggested staff were encouraged to praise the CEO online. July has been a brutal month for crypto hacks, with incidents at GMX V1 ($40M), Arcadia Finance ($3.5M), and BigONE ($27M) highlighting ongoing security risks for centralized and DeFi platforms alike.
CoinLaw’s Takeaway
If you work in crypto, this story is a reminder that hackers target humans, not just systems. Malware and social engineering remain the industry’s biggest weak spots. I find it concerning that a single compromised laptop could drain $44 million and that law enforcement admits recovery is nearly impossible. Exchanges must tighten internal security, limit access to critical wallets, and train staff to spot fake job scams.
