An employee of cryptocurrency exchange CoinDCX, which was hacked for $44 million in mid-July, has been arrested in India over a security breach, according to multiple local reports.
Indicating the method used in the hack, Bengaluru City Police detained CoinDCX software engineer Rahul Agarwal after internal investigations revealed his login credentials were compromised. The Times of India reported on Thursday that hackers allegedly accessed Agarwal’s work laptop, enabling them to penetrate the company’s servers, following a complaint lodged and investigated by operator Neblio Technologies.
“Sophisticated social engineering attack”
CoinDCX declined comment to Cointelegraph, directing inquiries to an X post by CEO Sumit Gupta. Gupta stated the exchange cannot engage with the media during the ongoing investigation and characterized the incident as “a sophisticated social engineering attack,” noting employees are common targets. A CoinDCX spokesperson further urged media restraint regarding unverified information during the investigation.
According to reports, Agarwal came under scrutiny after Neblio discovered an unauthorized transfer of approximately 1 USDt stablecoin to a wallet, followed by the $44 million transfer to six wallets. The hack occurred between July 19 and July 20, specifically targeting CoinDCX’s internal systems used for liquidity provisions with another exchange.
Agarwal’s professional background
Bengaluru police reportedly confirmed Agarwal was a permanent staff member (promoted in April 2025) issued a work laptop for his role. Investigations following the hack reportedly linked it to a malware-infected laptop. During questioning, Agarwal denied involvement in the theft but admitted working part-time for private clients while employed at CoinDCX.
His LinkedIn profile confirms Agarwal joined CoinDCX in May 2023 as a remote Senior Software Engineer (DevOps), with a promotion making him an on-site Staff Engineer effective April 2025. The Indian Express reported police identified the hacking method as tricking Agarwal into installing malware.
