Rahul Agarwal, a 30-year-old software engineer from Carmelaram, Bengaluru, was arrested on July 26 after police linked him to a $44 million theft from crypto exchange CoinDCX, TOI reported.
The Bengaluru Whitefield CEN crime branch took him into custody following a complaint by Neblio Technologies, CoinDCX’s parent company, which accused hackers of using Agarwal’s login credentials to raid its servers.
How the Hack Unfolded
According to Neblio’s vice-president for public policy, Hardeep Singh, unusual activity first showed up on July 19 when one USDT moved out of the system. Within hours, the breach escalated, and about $44 million was siphoned into six separate wallets.
An internal investigation found that the security details of Agarwal’s office laptop had been compromised, giving the intruder a direct path to CoinDCX’s infrastructure.
Employee’s Account
During police questioning, Agarwal denied playing any role in the theft. He said he had been moonlighting, doing freelance work for three or four private clients, and that he did not know their credentials.
Agarwal suggested to officers that a malicious file could have been the bait used by the real hacker to slip into his official system. He said he learned of the theft only when summoned by his employer.
Company Response
Neblio Technologies said it is fully cooperating with the authorities. Sumit Gupta, the CEO of CoinDCX, posted on X (Twitter) that the company filed an FIR but cannot share details while the probe is active.
He described the incident as a sophisticated social engineering attack aimed at employees to gain unlawful access to internal systems. Gupta added that law enforcement is working to track down those responsible.
Investigation Underway
Police have seized Agarwal’s laptop and are examining its contents. They are also tracing the flow of funds to the six crypto wallets and seeking to identify any accomplices.
The city cybercrime unit is coordinating with national agencies to follow the digital trail. Investigators say that cryptocurrency makes tracking transfers complex but not impossible. They believe the funds could be laundered through multiple exchanges before being cashed out.
Impact on CoinDCX and Users
The theft has raised fresh concerns about security at crypto platforms. CoinDCX serves millions of users in India. The company has assured its customers that user funds are safe, as the breach involved only its corporate treasury.
Industry experts say exchanges must bolster internal controls and reduce reliance on single points of failure. Some users have expressed anxiety on social media, but the firm’s public statement aims to reassure them that their holdings remain untouched.
This case highlights the risks of credential theft and social engineering in the crypto sector. Even firms with robust defences can fall prey if an employee’s device is compromised.