Bangalore Techie Employee Arrested in Connection With the $44 Million CoinDCX Hack
Bangalore-based software engineer Rahul Agarwal, an employee of prominent crypto exchange CoinDCX, was arrested in connection with a massive $44 million (approximately Rs 379 crore) theft.
The Whitefield CEN crime police detained Agarwal on July 26 following an extensive investigation into the security breach that compromised the company’s digital asset infrastructure.
The arrested individual, a resident of the Carmelaram area originally from Haridwar, Uttarakhand, was employed by Neblio Technologies, which operates the CoinDCX platform.
Key Takeaways
1. CoinDCX engineer Rahul Agarwal arrested for $44M crypto theft.
2. Hackers used WhatsApp from Germany to compromise his laptop credentials.
3. Employee admits moonlighting but denies direct involvement in theft.
According to police sources, the sophisticated cyber attack occurred on July 19, when hackers infiltrated the company’s secure systems using login credentials compromised from Agarwal’s corporate laptop.
Sophisticated Credential Compromise Attack
The investigation revealed that cybercriminals employed advanced social engineering tactics to breach CoinDCX’s security protocols.
Agarwal reportedly received a WhatsApp communication from a German number, containing malicious files disguised as legitimate work documents.
One of these files contained malware designed to harvest authentication credentials and establish unauthorized access to the company’s cryptocurrency management systems.
The attack methodology demonstrated sophisticated knowledge of blockchain infrastructure and digital asset transfer protocols.
The Times of India reports that at approximately 2:37 AM on July 19, the hackers initiated their breach by transferring 1 USDT (Tether) token to test wallet connectivity and validate their access to the platform’s hot wallet infrastructure.
Subsequently, at 9:40 AM, the perpetrators executed the main theft, siphoning $44 million worth of digital assets and distributing them across six separate cryptocurrency wallets to obscure the transaction trail.
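
The sequence reported above, a 1 USDT test transfer followed hours later by large outflows split across several wallets, is a pattern a hot-wallet monitor can check for. The following Python is an added example, not code from CoinDCX or the investigators; the thresholds, the destination allowlist and the sample withdrawal records are constructed assumptions.

```python
from datetime import datetime, timedelta

# All thresholds below are assumptions chosen for illustration.
PROBE_MAX_USD = 10             # ceiling for a "test" transfer
LARGE_MIN_USD = 100_000        # floor for a large outflow
WINDOW = timedelta(hours=12)   # how long after a probe outflows are linked to it
MIN_FANOUT = 3                 # distinct new destinations needed to alert

def find_probe_then_drain(events, allowlist):
    """events: (iso_time, destination, usd) tuples for one hot wallet.
    Returns probes to unknown addresses that were followed, within WINDOW,
    by large outflows to at least MIN_FANOUT other unknown addresses."""
    rows = sorted((datetime.fromisoformat(t), d, a) for t, d, a in events)
    probes = []
    for ts, dest, usd in rows:
        if dest in allowlist:          # known counterparties are ignored
            continue
        if usd <= PROBE_MAX_USD:
            probes.append({"probe_time": ts, "probe_dest": dest,
                           "dests": set(), "total_usd": 0})
        elif usd >= LARGE_MIN_USD and probes:
            last = probes[-1]          # most recent probe is the only candidate
            if ts - last["probe_time"] <= WINDOW:
                last["dests"].add(dest)
                last["total_usd"] += usd
    return [p for p in probes if len(p["dests"]) >= MIN_FANOUT]

# Constructed sample log: times of day mirror the article, everything else is invented.
ALLOWLIST = {"partner-settlement"}
SAMPLE = [
    ("2000-01-01T01:10", "partner-settlement", 250_000),
    ("2000-01-01T02:37", "unknown-0", 1),                 # small test transfer
    ("2000-01-01T08:15", "partner-settlement", 400_000),
] + [
    (f"2000-01-01T09:4{i}", f"unknown-{i + 1}", 5_000_000)  # fan-out to six wallets
    for i in range(6)
] + [
    ("2000-01-02T23:00", "unknown-9", 5),                 # lone probe, no follow-up
]

if __name__ == "__main__":
    for alert in find_probe_then_drain(SAMPLE, ALLOWLIST):
        print(alert["probe_time"], alert["probe_dest"],
              len(alert["dests"]), alert["total_usd"])
```

Alerting on the probe itself, before any large outflow, would give responders the hours between the two events; the correlation here only confirms the pattern after the fact.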

Employee Misconduct & Security Breaches
CoinDCX’s internal security audit, conducted following the breach notification, uncovered significant security protocol violations.
Hardeep Singh, Neblio Technologies’ vice-president for public policy, confirmed that Agarwal maintained permanent employee status and possessed company-issued hardware for official operations.
However, the investigation revealed that Agarwal had been engaging in unauthorized moonlighting activities, providing services to 3-4 private entities without proper disclosure or security clearance.
Financial forensics conducted during the investigation identified suspicious transactions totaling Rs 15 lakh deposited into Agarwal’s personal banking accounts from unidentified sources.
While Agarwal has maintained his innocence regarding direct involvement in the cryptocurrency theft, he acknowledged violating company policy through undisclosed freelance work that potentially compromised security protocols.
The case highlights critical vulnerabilities in cryptocurrency exchange security infrastructure and the importance of robust employee vetting procedures, multi-factor authentication systems, and comprehensive cybersecurity awareness training in protecting digital asset platforms from sophisticated social engineering attacks.