31.07.2025 11:57

Bengaluru police have made a significant arrest in the investigation of a massive cryptocurrency theft from CoinDCX, one of India's leading crypto exchanges. A software engineer employed by the company, Rahul Agarwal, is now in custody following the disappearance of approximately $44 million in digital assets. The arrest marks a pivotal moment in the unfolding case, suggesting an inside job may be responsible for this substantial loss.

The incident began on July 19th with a seemingly innocuous transaction: a single USDT transfer at 2:37 am. This was quickly followed by a far larger theft, with approximately ₹379 crore ($44 million) siphoned off by 9:40 am into six separate wallets. Investigations indicate Agarwal's company laptop was compromised, leading to unauthorized access to the exchange's internal systems. While Agarwal maintains his innocence, claiming to be a victim himself, his involvement is now under intense scrutiny.

Adding to the suspicion surrounding Agarwal, police uncovered deposits totaling ₹15 lakh ($17,000) in his personal account, originating from unidentified sources. These suspicious transactions, combined with his admission of undertaking freelance work via WhatsApp, using foreign numbers and receiving files from unknown clients, have raised significant concerns. Authorities suspect that one of these files may have been a Trojan horse, providing malicious actors with the key to penetrate CoinDCX's security. His arrest on July 26th underscores the seriousness of the ongoing investigation.

The substantial cryptocurrency heist initially came to light thanks to the online investigative work of ZachXBT, a prominent figure in the crypto community who publicly highlighted the breach. This disclosure prompted CoinDCX CEO Sumit Gupta to confirm the incident. However, ZachXBT also criticized the exchange for a seventeen-hour delay in acknowledging the hack publicly, a delay only broken after ZachXBT's initial report. Further raising eyebrows, ZachXBT noted that a member of the CoinDCX team was actively encouraging engagement with Gupta's transparency post, alluding to possible attempts to control the narrative surrounding the breach. The case continues to unfold, with ZachXBT publicly questioning the negligence that allowed such a significant security lapse to occur.