An employee of Indian cryptocurrency exchange CoinDCX has been arrested in connection with a massive $44 million security breach that occurred in mid-July, according to multiple local media reports.
Rahul Agarwal, a software engineer employed by CoinDCX’s parent company Neblio Technologies, was detained by the Bengaluru City police after it was discovered that hackers had accessed his login credentials to breach the firm’s internal systems. The attackers reportedly drained $44 million worth of digital assets, including the USDT stablecoin, across six different wallets.
Some media reports have surfaced referencing the FIR we filed with the Karnataka Police regarding the security incident that impacted our platform.
As this is an ongoing investigation, we unfortunately cannot engage with the media or public on this issue. We want to ensure the…
— Sumit Gupta (CoinDCX) (@smtgpt) July 31, 2025
The arrest comes in the wake of an internal investigation by CoinDCX, which concluded that Agarwal’s credentials were compromised via his work-issued laptop. According to Hardeep Singh, Neblio’s vice president of public policy, Agarwal was a full-time staff member with access to sensitive infrastructure and had been issued a dedicated office device for his role.
Agarwal, 30, reportedly denied involvement in the exploit but admitted during police questioning that he had been taking freelance jobs for up to four private clients while still employed by CoinDCX.
The Indian Express cited investigators who claimed that Agarwal had unknowingly installed malware on his laptop, which may have enabled the attackers to gain access. Police suspect the breach was carried out through a sophisticated social engineering campaign.
CoinDCX CEO Sumit Gupta confirmed in a recent statement that the platform was hacked on July 19 through one of its internal accounts used for liquidity provisioning on another exchange. He emphasized that no customer funds were impacted.
A LinkedIn profile believed to belong to Agarwal shows he had been with CoinDCX for over two years, advancing from a senior software engineer role in May 2023 to a staff engineer position in April 2025.
The investigation remains ongoing as authorities work to trace the flow of stolen assets and determine the full extent of external involvement.
If you want to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, Instagram, and CoinMarketCap Community.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
