TLDR:
- Bengaluru police arrest Coindcx engineer after $44M theft tied to stolen credentials.
- Hackers moved stolen crypto into six wallets using access from Agarwal’s laptop.
- Coindcx CEO assures users customer funds remain secure despite major operational loss.
- Crypto community debates insider risks after breach exposes security vulnerabilities.
A major breach has shaken one of India’s top crypto exchanges. Bengaluru police arrested Coindcx software engineer Rahul Agarwal in connection with a $44 million theft.
Investigators believe hackers exploited his login credentials to move the funds. The case comes weeks after Coindcx confirmed the incident publicly. Now, the story has taken a serious turn with the arrest and a closer look at what went wrong.
How the Coindcx Breach Started
On July 19, Coindcx CEO Sumit Gupta addressed users on X, assuring them that customer funds were safe.
He confirmed that an operational account used for liquidity provisioning had been compromised. According to Gupta, the loss would be absorbed by the company’s reserves, and trading remained unaffected.
Hi everyone,
At @CoinDCX, we have always believed in being transparent with our community, hence I am sharing this with you directly.
Today, one of our internal operational accounts – used only for liquidity provisioning on a partner exchange – was compromised due to a… pic.twitter.com/L1kZhjKAxQ
— Sumit Gupta (CoinDCX) (@smtgpt) July 19, 2025
However, Bengaluru police say that same breach originated from Agarwal’s company laptop. Investigators allege hackers accessed confidential processes through his credentials before transferring the stolen crypto into six different wallets.
The Times of India reported that Coindcx filed a formal complaint after detecting suspicious activity. Internal checks revealed that Agarwal’s security credentials were the entry point. His laptop was seized, and police questioned him over the breach.
Authorities stated that Agarwal admitted to moonlighting for several private parties. He reportedly received Rs 15 lakh in his bank account from an unknown source. Investigators also noted that he received a WhatsApp call from a German number before the hack.
Hacker Tactics and Industry Reaction
Police say Agarwal claimed one of the files sent during the call may have contained malicious code. This could have given hackers access to the company’s servers. Despite his denial of direct involvement, he was detained on July 26 for further questioning.
Crypto investigator ZachXBT criticized the negligence on social media, pointing out that even basic security mistakes can lead to massive losses. His comments reflect the growing concern within the crypto community about insider threats and poor cybersecurity practices.
>is a software engineer
>yet opens random files sent to him on a company laptopwhy are people so negligent? pic.twitter.com/ZytDs1SczZ
— ZachXBT (@zachxbt) July 31, 2025
Gupta had reiterated that no customer funds were affected. He confirmed that Coindcx’s cold wallet infrastructure remained secure. Besides, he noted that the company was working with law enforcement to recover stolen assets. And hence, the recent arrest of Rahul.
This arrest adds a new layer to an already complex case. It highlights how one compromised endpoint can bring a multi-million-dollar crypto platform to its knees.
