An employee of CoinDCX, a cryptocurrency exchange that suffered a $44 million hack in mid-July, was arrested in India in connection with the security breach, according to multiple local reports.
Bengaluru City police took into custody CoinDCX software engineer Rahul Agarwal after hackers reportedly gained access to his login credentials to steal assets from the exchange, The Times of India reported on Thursday.
The arrest came after a complaint and an internal investigation by CoinDCX’s operator, Neblio Technologies, which found that Agarwal’s credentials had been compromised through his work laptop, enabling unauthorized access to the company’s servers.
During questioning, while his laptop was seized, Agarwal, 30, denied involvement in the theft but admitted to working part-time for up to four private clients while employed at CoinDCX.
“Sophisticated social engineering attack”
CoinDCX neither confirmed nor denied Agarwal’s arrest when approached by Cointelegraph, instead referring to a statement on X by the exchange’s co-founder and CEO, Sumit Gupta. In the post, Gupta explained that the company cannot comment publicly due to the ongoing investigation.
“Based on our internal preliminary findings, this appears to be a sophisticated social engineering attack,” Gupta said, noting that employees are frequently targeted in such schemes.
“We urge the media and the public to refrain from speculation or spreading unverified information, as it could hinder the ongoing investigation,” a CoinDCX spokesperson stated.
Professional Background of Agarwal
According to The Times of India, Bengaluru police, citing Neblio’s vice president for public policy, Hardeep Singh, stated that the arrested employee was a permanent staff member who had been provided a laptop strictly for his role at CoinDCX.
Agarwal came under investigation after Neblio discovered that an unknown individual had hacked the system during the night of July 19, transferring 1 USDT stablecoin to a wallet. Later that same morning, hackers withdrew $44 million and moved the funds to six different wallets.
Based on a LinkedIn profile believed to be Agarwal’s, the arrested CoinDCX employee had been with the company for over two years, developing his career in the DevOps field.
He started as a senior software engineer in May 2023, working remotely from Bengaluru, Karnataka. After two years in this role, he was promoted to staff engineer in April 2025, a position he currently holds and performs on-site.
According to The Indian Express, police officials stated that hackers deceived Agarwal into installing malware on his work laptop.
This development came days after CoinDCX CEO Sumit Gupta confirmed that the exchange was hacked on July 19.
Gupta assured that no user funds were affected by the breach, explaining that the hackers gained access to one of CoinDCX’s internal accounts used for “liquidity provisions” with another exchange through a server compromise.
