Earlier, the Indian cryptocurrency exchange CoinDCX fell victim to a cyberattack, resulting in the theft of digital assets worth approximately $44 million. This week, authorities in Bangalore, India, arrested the company’s software engineer, Rahul Agarwal, in connection with the incident.
Agarwal, a long-serving employee responsible for software engineering at CoinDCX, became a central figure in the investigation after an internal audit revealed that the attacker had accessed the company’s internal network using his employee credentials, which were believed to have been compromised via his laptop.
During interrogation and forensic examination of his confiscated laptop, Agarwal denied any direct involvement in the cryptocurrency heist. However, he admitted to moonlighting for four private clients while employed at CoinDCX.
According to circulating reports, the attacker had approached Agarwal well in advance, luring him with a freelance opportunity. He was persuaded to install specific software on his work laptop—software that allegedly contained a keylogger, secretly capturing every keystroke entered on the machine.
For employees in the cryptocurrency sector, it is paramount to minimize software installations on work devices and strictly adhere to company-approved applications. Agarwal’s decision to install third-party software on his corporate laptop, without formal approval, has been widely condemned as a reckless and inexplicable breach of protocol.
The breach occurred during the night of July 19, 2025, when the intruder initially transferred $1—likely a test transaction—before proceeding to siphon off $44 million in cryptocurrency by morning. The stolen funds were dispersed across six different wallets before CoinDCX detected the breach.
Fortunately, the compromised wallets did not hold customer assets. Instead, they were used by CoinDCX to provide liquidity to partner exchanges. In scenarios where a partner exchange experiences a temporary shortage of assets—such as Bitcoin—CoinDCX utilizes these wallets to fulfill short-term liquidity needs.
As of now, CoinDCX has not issued a formal statement regarding Agarwal’s involvement. The company’s CEO emphasized that the matter is under active investigation by law enforcement, and therefore, the firm is currently unable to provide substantive updates to the media.