A software engineer working at Indian cryptocurrency exchange CoinDCX has been arrested in connection with a major security breach that led to a $44 million hack. The arrest followed an internal investigation by CoinDCX operator Neblio Technologies, which revealed that the engineer’s credentials had been compromised, allegedly enabling hackers to access the firm’s servers.

Hacker Breach Linked to Employee’s Laptop

Rahul Agarwal, a staff engineer at CoinDCX, was detained by Bengaluru City police after it was discovered that his work laptop had been used to carry out the unauthorised access. According to reports from The Times of India, the hackers managed to steal Agarwal’s login details through a social engineering attack and later used them to siphon funds from the company.

An internal probe by Neblio Technologies revealed that the security breach occurred on the night of 19 July. The attackers first transferred a single USDT token to test the system, before moving $44 million across six wallets. The breach targeted one of CoinDCX’s internal accounts used for liquidity provision with another exchange, not affecting user funds directly.

Engineer Denies Involvement but Admits to Freelancing

During questioning, Agarwal reportedly denied any involvement in the hack but admitted to taking on freelance work for up to four private clients while still employed full-time at CoinDCX. His work laptop, issued by the company strictly for official use, was seized by police for forensic analysis.

Police sources cited by The Indian Express claimed that the hackers tricked Agarwal into installing malware on his device, which enabled remote access. This form of attack, often categorised under social engineering, involves manipulating individuals into unknowingly providing access to secure systems.

CoinDCX Urges Caution Amid Ongoing Probe

CoinDCX has neither confirmed nor denied Agarwal’s arrest. In a public statement shared via X (formerly Twitter), CoinDCX co-founder and CEO Sumit Gupta said that initial findings suggest the breach was the result of a sophisticated social engineering attack. He urged media outlets and the public not to spread unverified information, stating that doing so could hinder the ongoing investigation.

A CoinDCX spokesperson reiterated the same message, requesting discretion and patience while the authorities and the company complete their investigations.

Employee Profile and Timeline

According to a LinkedIn profile believed to belong to Agarwal, he has been associated with CoinDCX since May 2023. Initially hired as a senior software engineer working remotely from Bengaluru, he was promoted to staff engineer in April 2025. The profile indicates a focus on the DevOps domain during his tenure at the company.

Agarwal’s employment status at CoinDCX was confirmed by Hardeep Singh, vice president for public policy at Neblio, who stated that the accused had been a permanent employee with access to critical systems.

The case continues to unfold as police analyse the seized laptop and trace the wallets that received the stolen funds.