CoinDCX software engineer Rahul Agarwal was arrested after his work laptop credentials were compromised, enabling hackers to steal $44 million in a sophisticated social engineering attack on the exchange.
-
CoinDCX confirmed the breach involved internal account access, not user funds.
-
Authorities seized Agarwal’s laptop during the investigation into the July 19 hack.
-
CEO Sumit Gupta urged the public to avoid speculation as the probe continues.
CoinDCX employee arrested after $44M hack via compromised credentials; learn how the breach occurred and what it means for crypto security.
How Did the CoinDCX $44 Million Hack Occur?
The $44 million hack at CoinDCX was caused by a sophisticated social engineering attack that compromised software engineer Rahul Agarwal’s login credentials through his work laptop. This breach allowed unauthorized access to internal servers, leading to the transfer of funds from the exchange’s liquidity accounts.
What Role Did Employee Credentials Play in the Security Breach?
Internal investigations by Neblio Technologies revealed that Agarwal’s credentials were compromised after hackers tricked him into installing malware on his company-issued laptop. This malware facilitated unauthorized server access, highlighting the risks of targeted phishing and social engineering attacks on crypto firms.

Who Is Rahul Agarwal and What Is His Professional Background?
Rahul Agarwal, a staff engineer at CoinDCX with over two years of experience in the DevOps domain, was arrested following the breach. He started as a senior software engineer in May 2023 and was promoted to staff engineer in April 2025, working on-site in Bengaluru, Karnataka.
How Did Agarwal’s Employment Details Influence the Investigation?
Bengaluru police confirmed Agarwal was a permanent employee with a company-issued laptop strictly for work purposes. His admission to part-time work for private clients during employment raised additional questions, but he denied involvement in the theft during questioning.

What Has CoinDCX Said About the Incident?
CoinDCX CEO Sumit Gupta described the hack as a “sophisticated social engineering attack” and emphasized that no user funds were affected. The breach targeted an internal liquidity account used for exchange operations, and the company is cooperating fully with authorities.
Why Is Media Speculation Discouraged During the Investigation?
CoinDCX urges the public and media to avoid speculation or unverified information, as it could hinder the ongoing investigation. Transparency will be maintained once the inquiry concludes, ensuring trust and security within the crypto community.
Aspect | Details | Impact |
---|---|---|
Hack Date | July 19, 2025 | Funds stolen from internal liquidity account |
Amount Lost | $44 million | No user funds affected |
Employee Involved | Rahul Agarwal | Credentials compromised via laptop |
What Are the Security Lessons From the CoinDCX Hack?
Employee credential security is critical in preventing crypto exchange breaches. The incident underscores the need for robust internal security protocols, including multi-factor authentication and employee training to recognize social engineering tactics.
How Can Crypto Firms Protect Against Similar Attacks?
Implementing strict access controls, regular security audits, and continuous monitoring can mitigate risks. Companies should also enforce policies restricting unauthorized software installations and closely monitor employee activity on work devices.
Frequently Asked Questions
What happened during the CoinDCX $44 million hack?
The hack involved unauthorized access to CoinDCX’s internal servers through compromised employee credentials, resulting in $44 million stolen from liquidity accounts but no user funds affected.
How did hackers gain access to CoinDCX’s systems?
Hackers used a social engineering attack to trick an employee into installing malware on his work laptop, which allowed them to access sensitive systems.
Key Takeaways
- Employee credentials are a critical vulnerability: Protecting login details is essential to prevent breaches.
- Social engineering attacks remain a top threat: Continuous employee training and security measures are vital.
- Transparency and caution during investigations: Avoiding speculation helps maintain trust and aids law enforcement.
Conclusion
The CoinDCX hack highlights the importance of robust internal security and vigilance against social engineering in the crypto industry. As investigations continue, exchanges must prioritize employee credential protection to safeguard assets and maintain user trust.