Indian police have arrested Rahul Agarwal, a software engineer at the crypto exchange CoinDCX for his role in the $44 million theft. Investigations revealed he was used as a tool to siphon such a huge amount of cryptocurrency.
Details of Agarwal’s Role
The security breach occurred on July 19 when hackers allegedly gained unauthorized access to the exchange servers using Agarwal’s work laptop and login details.
Agarwal is a Jharkhand native who has worked with CoinDCX for the past three years. Taking advantage of his good position in the exchange, the perpetrators offered him a part-time job, which he accepted. They assigned him tasks, such as writing reviews and other online tasks, in exchange for good money.
Initially, Agarwal used his personal laptop to handle these side gigs. Later, he switched to his office laptop, where the hackers managed to install the malware without his knowledge. Following this, the hacker gained access to CoinDCX and diverted money from its wallet.
During the investigation, Agarwal admitted to using the laptop for unauthorized freelance work. However, he denied involvement in the theft but is under criminal scrutiny. Further scrutiny disclosed that Agarwal had received a suspicious amount of ₹15 lakh (around $18,000). He claimed the money came from the part-time job he had been doing.
The recent revelation highlights the need for exchanges to enforce tighter internal controls, stronger access management, and stricter device use policies.
Meanwhile, the authorities are struggling to trace the flow of money. This is because cryptocurrency remains largely unregulated in India and many other parts of the world.
“If it was a bank transfer, we could find a money trial. But it seems to be impossible as the origins of the wallets (to which the cryptocurrency was transferred) is also not from India. If the crypto exchanges failed to share the data of the wallets, it would be a tough task,” an officer said.
CoinDCX Response to the Hack
Following the CoinDCX security breach, the company CEO, Sumit Gupta, publicly confirmed that customer assets were never compromised. The hack targeted an internal operational liquidity account, so users’ funds are safe.
The exchange also partnered with top cybersecurity firms to investigate the breach, strengthen infrastructure, and block illicit transfers. Additionally, CoinDCX launched a recovery bounty, offering up to 25% to help trace the stolen funds and identify the perpetrators.
Ephraim Emmanuel | June 17, 2026
Jonathan Agozie | June 15, 2026
