
India’s largest crypto exchange, CoinDCX, found itself at the center of a massive cybercrime that unfolded silently in the early hours of July 19, 2025. A calculated malware-based social engineering scam drained over $44 million from its internal liquidity wallet.
The breach did not touch customer funds; these remained safe in offline cold wallets. However, the attack crippled the exchange's operational infrastructure and highlighted a gaping vulnerability: insider access. At the center of the chaos stood Rahul Agarwal, a senior DevOps engineer at CoinDCX, whose compromised device became the attacker’s doorway into the exchange’s systems.
Authorities believe Agarwal unknowingly triggered the breach by engaging with a fake job recruiter online. Malware entered his work laptop following a suspicious WhatsApp call. Soon after, hackers bypassed internal firewalls and siphoned off thousands of Solana (SOL) and Ethereum (ETH) tokens. The stolen assets quickly disappeared into six anonymous crypto wallets using advanced laundering techniques like crypto mixers.
CoinDCX absorbed the financial hit from its reserves. CEO Sumit Gupta reassured the public that the blockchain is untouched and clarified that the breach only impacted backend systems connecting to it. He dismissed any acquisition rumors, reiterating CoinDCX's continued focus on growing India’s crypto ecosystem.
The company responded swiftly with a Recovery Bounty Program for any help in retrieving the funds, pledging 25% of the recovered amount and capping it at $11 million. The firm is now working closely with cybersecurity specialists and law enforcement to track the digital trail.
Rahul Agarwal was arrested by the Bengaluru police but denied having any role in the theft. He admitted to freelance work on his company laptop, which investigators believe may have opened the door to the breach. Internal audits confirmed unauthorized access occurred between 2:30 a.m. and 9:40 a.m. on July 19, with an initial $1 USDT test transaction leading to the larger heist.
On-chain analyst ZachXBT was among the first to detect irregularities. His findings prompted CoinDCX to alert authorities. Cyber experts believe the incident mirrors the 2024 WazirX theft, where attackers used similar human manipulation methods to steal $234 million.
As the digital assets market pushes above $3.8 trillion, this breach sends a chilling message to all high-value exchanges about rethinking security at the nexus of technology and trust. The story of CoinDCX is not just about a theft or a loss. It represents a turning point in how crypto companies must look at internal access and employee risk. With Ethereum up 57% and Bitcoin having just passed $118,000, interest will remain high among investors, but so will the threat.