CoinDCX employee arrested in connection with $44M crypto hack: Report

CoinDCX operator Neblio reportedly filed a complaint against software engineer Rahul Agarwal after discovering that his credentials had been compromised through his work laptop.

An employee of CoinDCX, a cryptocurrency exchange that was hacked for $44 million in mid-July, was arrested in India in connection with a security breach, according to multiple local reports.

Bengaluru City police detained CoinDCX software engineer Rahul Agarwal after hackers allegedly managed to compromise his login credentials to siphon the exchanges assets, The Times of India reported on Thursday.

The arrest followed a complaint and internal investigation by CoinDCX operator Neblio Technologies, which determined that Agarwal‘s credentials had been compromised via his work laptop, allowing unauthorized access to the company’s servers.

During questioning as his laptop was seized, Agarwal, 30, denied involvement in the crypto theft, but admitted to taking on part-time work for up to four private clients while still employed at CoinDCX.

“Sophisticated social engineering attack”

CoinDCX declined to confirm or deny Agarwals arrest to Cointelegraph, referring to an X post by CoinDCX co-founder and CEO Sumit Gupta, who told the public on Thursday that the exchange cannot engage with media amid an ongoing investigation.

“Based on our internal preliminary findings, this appears to be a sophisticated social engineering attack,” Gupta said in the post, adding that employees are often targeted in such attacks.

Source: Sumit Gupta

“We urge the media and the public to avoid speculation or the circulation of unverified information, as it may impede the ongoing investigation,” a spokesperson for CoinDCX told Cointelegraph.

Agarwals professional background

Citing Neblios vice president for public policy, Hardeep Singh, Bengaluru police reportedly said that the arrested employee was a permanent staff member and had been issued a laptop strictly for his role at CoinDCX, according to The Times of India.

Agarwal came under investigation after Neblio discovered that an unknown individual had hacked the system during the night on July 19 and transferred one Tether USDt (USDT) stablecoin to a wallet. Later that morning, hackers siphoned $44 million and transferred the funds to six wallets.

According to a LinkedIn profile purported to be Agarwals, the arrested CoinDCX employee had been with CoinDCX for over two years, building his career in the DevOps domain.

Source: Rahul Agarwal

He began as a senior software engineer in May 2023, working remotely from Bengaluru, Karnataka. After two years in this role, he was promoted to staff engineer in April 2025, a position he currently holds and performs on-site.

According to The Indian Express, the police officers said hackers tricked Agarwal into installing malware on his office laptop.

The news came days after CoinDCX CEO Gupta reported that the exchange was hacked on July 19.

He said no user funds were affected by the exploit, adding that the hackers compromised one of CoinDCXs internal accounts used for “liquidity provisions” with another exchange through a server breach.