Hackers used fake job offer to target CoinDCX employee, steal $44 million: report

Quick Take
- Bengaluru police say hackers used a part-time job offer as bait to install malware on a CoinDCX employee’s company laptop, then stole $44 million in crypto with the compromised access.
- CoinDCX previously called the incident a “server breach” and said it would cover losses, noting that customer funds were safe.

Less than two weeks after cybercriminals attacked Indian crypto exchange CoinDCX, police believe they have traced the root cause to a job-bait ploy.
Hackers posing as recruiters allegedly lured a CoinDCX software engineer into installing malware on his company laptop and then drained about $44 million in crypto from the exchange, Bengaluru police said. Officers arrested Rahul Agarwal, 30, after investigators determined the attackers used his login credentials to access the firm’s systems and move funds, according to local reports.
The Indian Express reported that the malware was delivered under the pretext of a part-time job, with police alleging the compromised device was used to breach internal wallet systems at Neblio Technologies, CoinDCX’s operator. The Times of India said investigators believe the theft relied on Agarwal’s corporate access to execute withdrawals.
He has been taken into custody as the probe continues, and his company-issued device has been seized. Agarwal insists he was unaware of the scheme until confronted during the firm’s inquiry.
Earlier this month, CoinDCX’s CEO, Sumit Gupta, attributed the loss to a server breach tied to an internal operational wallet and said the company would cover losses. The firm also said user funds were not affected, according to The Block.
Authorities have not publicly detailed the destination of the stolen assets or whether they can be recovered. Investigators were also probing the possibility that foreign actors were behind the attack, though responsibility has not been confirmed.
CoinDCX co-founder Neeraj Khandelwal welcomed assistance in tracking the funds, noting that the exchange is offering 25% of the stolen amount, about $11 million, as part of a Recovery Bounty Programme.
It’s the second time hackers have attacked an Indian crypto exchange in the last year. WazirX suffered a crippling $230 million exploit in July 2024, apparently orchestrated by North Korea’s Lazarus group. Attempts to restructure the company and finalize creditor distribution hit a roadblock after a Singapore court declined WazirX’s reorganization plan in June.
© 2025 The Block. All Rights Reserved.





