Indian cryptocurrency exchange CoinDCX suffered a $44 million theft on July 19, 2025, with investigations revealing involvement from software engineer Rahul Agarwal. Bengaluru police arrested Agarwal after forensic analysis showed hackers used his compromised credentials to access the exchange's internal wallets. The attack began with a test transfer of 1 USDT at 2:37 AM before $44 million was siphoned to six external wallets at 9:40 AM.
Agarwal admitted to moonlighting for unverified clients, including a German contact who sent files potentially containing malware. Authorities discovered $20,000 in unexplained deposits to his bank account. While Agarwal claims victimhood, blockchain investigator ZachXBT criticized his negligence in handling suspicious files on a company device.
CoinDCX CEO Sumit Gupta confirmed this was a social engineering attack targeting employees. The exchange has launched a recovery bounty program offering 25% of reclaimed funds (up to $11 million) for public assistance. Concurrently, Coinbase is negotiating to acquire CoinDCX, capitalizing on its sub-$1 billion valuation post-heist to enter India's crypto market.
Neblio Technologies (CoinDCX's parent company) filed the formal complaint, leading to Agarwal's arrest under India's IT Act and Bharatiya Nyaya Sanhita for criminal breach of trust and identity theft.