CoinDCX employee arrested, $44M stolen

31.07.2025 19:13

A significant security breach at CoinDCX, an Indian cryptocurrency exchange, resulted in the theft of $44 million in digital assets on July 19th. This led to the arrest of a staff engineer, highlighting serious vulnerabilities in the company's security protocols.

The unauthorized access occurred overnight between July 18th and 19th. Beginning with a seemingly innocuous transfer of a single USDT to an external wallet, the perpetrator swiftly moved $44 million to six separate wallets. Internal sources revealed that the attack exploited the credentials of Rahul Agarwal, a DevOps engineer employed by CoinDCX since May 2023 and promoted to staff engineer in April 2025. The CoinDCX team published a detailed, nine-tweet account of the hack on X (formerly Twitter).

Malicious software, likely concealed within files related to Agarwal's outside freelance work, compromised his company laptop, facilitating the theft. Internal investigations uncovered that Agarwal had undertaken freelance work for four private clients, a violation of CoinDCX's policy prohibiting the use of company devices for personal gain. This violation played a crucial role in the successful social engineering attack.

Rahul Agarwal, a 30-year-old Bengaluru-based engineer, was apprehended by authorities shortly after the theft. While he denies direct involvement in the $44 million heist, Agarwal admitted to using his company laptop for unauthorized freelance work, a confession that significantly impacts the ongoing investigation. His work laptop has been confiscated, and digital forensic analysis is underway. Although CoinDCX's CEO has refrained from publicly confirming the arrest, the company has acknowledged an ongoing investigation into a sophisticated social engineering attack. Agarwal's LinkedIn profile confirmed his recent promotion to Staff Engineer, a position he held for only a few months before the incident. The case underscores the critical need for robust security measures and strict adherence to company policies within the cryptocurrency industry.