₹384-crore CoinDCX crypto theft: Engineer arrested, international link suspected

Bengaluru police are probing foreign cyber links in the ₹384-crore CoinDCX breach, as officials suspect external hackers exploited internal vulnerabilities; meanwhile, the company assures customer fund safety and is strengthening cybersecurity measures

A massive cryptocurrency theft worth ₹384 crore (approximately USD 44 million) has led to the arrest of a 30-year-old software engineer working with CoinDCX, one of India’s top crypto exchange platforms. The suspect, Rahul Agarwal, was arrested on July 26 by the Whitefield CEN Crime Police following a complaint by the platform’s parent company, Neblio Technologies.

The breach, which took place in the early hours of July 19, began with a small unauthorized crypto transfer and escalated within hours. By 9:40 am, digital assets worth tens of millions had been drained and routed through six separate wallets. CoinDCX’s internal probe found that only one system—Agarwal’s company-issued laptop—was compromised, suggesting that his login credentials were used to access core infrastructure.

Agarwal, a resident of Bengaluru and originally from Haridwar, has denied direct involvement but admitted to moonlighting for unknown overseas clients. He told investigators he had received a WhatsApp call from a German number and worked on files received during that exchange—one of which may have contained malware used to breach the company’s systems. A suspicious ₹15 lakh deposit in his personal account is also being scrutinized.

The Bengaluru police are now examining possible links to foreign cyber actors and investigating how the breach was executed. While Agarwal’s exact role remains unclear, officials suspect the theft could have been orchestrated with the help of external hackers exploiting internal vulnerabilities.

CoinDCX has assured its users that customer funds are secure and unaffected by the incident. The company is actively cooperating with law enforcement and has initiated steps to reinforce its cybersecurity protocols.

The case underscores the growing cybersecurity risks in India’s crypto sector, particularly around insider threats and inadequate device security in high-access roles.