Bengaluru Software Engineer Arrested in ₹379-Crore CoinDCX Cryptocurrency Theft Case

Download IPFS

A software engineer from Bengaluru has been arrested in connection with a massive ₹379-crore cryptocurrency theft involving the CoinDCX exchange, marking one of India’s most significant cybercrime cases. Police identified the suspect as 30-year-old Rahul Agarwal, a resident of Carmelaram and originally from Haridwar, Uttarakhand. His arrest on 26 July followed an extensive investigation by the Whitefield CEN (Cyber, Economic and Narcotics) Crime Police.

According to the police, the case came to light after Neblio Technologies, which owns and operates CoinDCX, filed a formal complaint citing unauthorised access to its digital infrastructure. The vice-president for public policy at Neblio Technologies, Hardeep Singh, reported suspicious transactions on the company’s systems, prompting an investigation. At approximately 2:37 am on July 19, an unidentified hacker transferred one unit of Tether (USDT) a type of stablecoin pegged to the US dollar, from CoinDCX’s platform. The breach escalated dramatically within hours, resulting in the theft of nearly $44 million (₹379 crore), which was redirected to six separate cryptocurrency wallets.

An internal security review by the company revealed that only the credentials of Agarwal’s work-issued laptop had been compromised. Authorities subsequently seized the device for forensic examination. Agarwal, while denying direct involvement in the theft, admitted to participating in ‘moonlighting’, working freelance for multiple clients outside his primary employment. He claimed ignorance of the identity of these clients and said he could not verify the origin of the files he worked on.

Further findings from the internal probe revealed an unexplained deposit of ₹15 lakh into Agarwal’s bank account. During police interrogation, Agarwal reportedly informed investigators that he had received a WhatsApp call from an international number registered in Germany. The caller allegedly instructed him to work on a set of files, one of which Agarwal believes may have been used to compromise his official system. He maintained he did not know about the data breach until he was contacted by his employer.

The police are continuing their investigation to establish whether Agarwal was an unwitting pawn in a larger cyberattack or if he played a more direct role in the breach. CoinDCX, one of India’s leading digital asset exchanges, has yet to release a public statement, but sources close to the company have confirmed that internal cybersecurity protocols are being reviewed in light of the incident.