In a shocking development for India’s crypto sector, a CoinDCX employee has been arrested in Bengaluru for alleged involvement in a massive $44 million crypto hack that shook the platform earlier this year. Authorities believe the breach was made possible through insider access, making this one of the most severe internal security lapses in the Indian crypto ecosystem to date.
Arrest Linked to Massive Insider Breach
According to reporting from The Times of India, a 36-year-old Bengaluru-based tech professional, Rahul Agarwal, has been taken into custody following an investigation by the Cyber Crime Division. The report claims that Rahul, who had access credentials due to his prior engagement with CoinDCX, played a pivotal role in facilitating the unauthorized transfer of ₹379 crore worth of digital assets—roughly $44 million at current exchange rates.
The individual allegedly received a suspicious phone call from an international number, reportedly traced to Germany, prior to the breach. Investigators believe this was part of a larger coordinated effort, potentially involving foreign actors.
The funds were reportedly siphoned off using login credentials linked to the CoinDCX employee, which provided backend access to the platform’s wallet management infrastructure. This direct link to the internal system drastically narrowed the investigation’s focus and led to Agarwal’s arrest.
How the CoinDCX Employee Was Tracked
The breach, which first came to light in May 2024, had prompted CoinDCX to temporarily halt some wallet operations while initiating an internal audit. At the time, the exchange cited “suspicious activity” involving certain withdrawals. However, concrete details were scarce.
Only in recent weeks did digital forensic analysis begin to yield meaningful leads. As revealed by cybersecurity experts and confirmed in official briefings, blockchain analytics firms were called in to trace the stolen assets, many of which were swiftly moved through privacy-centric tokens and mixers to obscure their origin.
But the breakthrough came when login metadata and access timestamps pointed to activity from a registered CoinDCX backend account tied to Agarwal. The use of internal admin-level privileges led investigators to suspect a possible inside job, now confirmed with the arrest.
Social and Industry Fallout
On social media, the arrest has reignited concerns about insider threats within crypto exchanges. Blockchain analyst @smtgpt commented that such breaches “erode user trust and set the Indian market back by years if not addressed transparently.” Meanwhile, cybersecurity professionals have called for stricter access controls and multi-layered auditing protocols for all wallet access.
Rahul Agarwal’s LinkedIn profile has since been deactivated, but archived versions confirm his previous association with crypto and blockchain firms.
This incident also raises questions about KYC/AML compliance and internal checks in leading Indian crypto firms. While CoinDCX remains one of the most prominent exchanges in the region, this event could invite regulatory scrutiny at both the national and SEBI levels.
CoinDCX Responds and Looks to Rebuild Trust
In a brief statement issued earlier this week, CoinDCX reiterated its commitment to user safety and legal cooperation. “We have worked closely with cybercrime authorities and will continue to provide full assistance. No user funds were permanently lost, and recovery efforts are ongoing,” a spokesperson said.
While CoinDCX has not confirmed the exact recovery status of the $44 million in assets, internal reports suggest a portion has already been frozen on external wallets flagged by surveillance firms.With India’s crypto market gaining mainstream traction, the arrest of a CoinDCX employee over such a major heist could serve as a wake-up call for other platforms operating in the country.
