Software Engineer at CoinDCX Taken into Custody Over $44 Million Crypto Heist (Allegedly)
In a significant turn of events, the Indian cryptocurrency exchange CoinDCX has fallen victim to a sophisticated hack, resulting in a loss of approximately ₹379 crore ($44 million). The breach, which took place between July 16 and 19, 2025, has raised concerns about cybersecurity vulnerabilities and geopolitical tensions in the cryptocurrency industry.
Timeline and Details
The coordinated hack occurred in the early hours of July 19, with a test transaction of 1 USDT made at 2:37 AM to check system access. By 9:40 AM, the hackers had withdrawn $44 million, moving the funds across six wallets within hours. The hack was publicly reported 17 hours later, with CEO Sumit Gupta confirming no customer funds were affected and attributing the breach to an internal operational wallet compromise.
Suspect Involvement
At the heart of the investigation is Rahul Agarwal, a 30-year-old software engineer at CoinDCX. Agarwal was tricked into installing malware via freelance job scams, allowing hackers access to the exchange's internal systems. During questioning, Agarwal claimed to be innocent but admitted to working with three to four private parties outside regular business hours without thoroughly vetting them. Suspicious payments totaling $17,000 were found in Agarwal's bank account. He denied direct involvement and said he had no knowledge of the hack, while admitting to taking freelance work from unknown clients.
Aftermath and Response
CoinDCX launched an $11 million bounty to recover the stolen crypto, absorbing the loss using its own treasury to ensure that customer assets remained untouched. The hack has raised concerns within the Indian crypto community about internal operational security and delayed transparency from CoinDCX management.
The incident has been linked to the Lazarus Group, a North Korean state-sponsored hacking syndicate known for large-scale crypto heists. This hack marks one of the largest publicly known crypto breaches in India, prompting calls for stronger cybersecurity measures at exchanges.
Investigation and Ongoing Concerns
The hack on CoinDCX remains under investigation by the Bengaluru police, who are also looking into a phone call that Agarwal received from a German phone number, stating he "had a few files to complete." The hack is one of many examples of increasingly complex attacks on crypto exchanges. In 2021, enormous amounts of funds were stolen from crypto exchanges, surpassing records from previous years.
As the investigation continues, the cryptocurrency industry must remain vigilant against such sophisticated attacks. Exchanges must prioritize cybersecurity measures to protect user assets and maintain trust within the community.
- The cryptocurrency exchange CoinDCX lost approximately ₹379 crore ($44 million) due to a sophisticated hack, raising concerns about cybersecurity and geopolitical tensions within the crypto industry.
- Rahul Agarwal, a software engineer at CoinDCX, is at the center of the investigation after being tricked into installing malware that provided hackers access to the exchange's systems.
- Following the hack, CoinDCX launched an $11 million bounty to recover the stolen crypto, absorbing the loss using its own treasury to ensure customer assets remained safe.
- The Lazarus Group, a North Korean state-sponsored hacking syndicate, is suspected to be behind the hack, which is one of the largest publicly known crypto breaches in India and has prompted calls for stronger cybersecurity measures at exchanges.