CoinDCX $44M Hack: What Happened, and Where It Stands Now

Major Crypto Heist Hits Bengaluru-Based Exchange

On July 19, 2025, CoinDCX (operated by Neblio Technologies) fell victim to a sophisticated cyberattack targeting an internal operational wallet used for liquidity provisioning, leading to the theft of approximately ₹378 crore (~USD 44 million).

Crucially, customer funds were stored in segregated cold wallets, ensuring no loss impacted users.

Company Response: Reassurance & Recovery Efforts

CoinDCX has declared it will completely absorb the loss using its treasury reserves, and user operations including trading and INR withdrawals have continued smoothly.

A recovery bounty program has been launched (up to 25% of recovered funds, roughly USD 11M) to incentivize help in tracing the stolen assets or identifying perpetrators.




Arrest & Investigation: Insider Role Under Scrutiny

Today, Bengaluru police arrested a software engineer, Rahul Agarwal (originally from Haridwar), after finding malware installed on his official CoinDCX laptop, allegedly delivered via a fake freelance job offer.

Investigations suggest attackers used his credentials to transfer a single USDT initially, then escalated into siphoning nearly ₹379 crore (~USD 44M) into six separate crypto wallets. Agarwal had no prior knowledge, claiming he worked on freelance projects for anonymous clients and received unexplained payments while communicating via WhatsApp.

What Happened, and Where It Stands Now (July 31, 2025)

Introduction

A headline-grabbing cyber heist hit one of India’s top crypto platforms in late July. Here’s what went down, how CoinDCX responded, and the latest investigative developments.

The Incident

Date/time: July 19, 2025, approx. 4:00 AM IST.
A server-level breach compromised a backend liquidity-provisioning account—not user-facing wallets. Attackers drained roughly $44 million (~₹378–379 crore) in stablecoins via Solana and Ethereum bridges.

User Funds & Exchange Security

CoinDCX confirmed no customer funds were affected.

Assets are securely held in cold storage, publicly verifiable via their Proof of Reserves (PoR) page.
Trading and standard INR withdrawals remain operational, with small withdrawals processed within hours and larger ones within 72 hours for added verification.

Damage Control and Future Measures

CoinDCX pledged to absorb the entire loss via its treasury holdings. They’ve initiated a bug bounty/recovery bounty program worth up to USD 11M to locate or recover the stolen funds.
The exchange is collaborating with global cybersecurity firms and India’s CERT-In, committing to full transparency in sharing investigation findings.

Investigation Breaking: Arrest of CoinDCX Employee

July 26, 2025: Bengaluru-based engineer Rahul Agarwal was arrested in connection with the breach. Police allege he was targeted via a fake freelance job posting and tricked into installing malware on his office laptop, which enabled hackers to access internal systems. Despite no admission of involvement, police are examining suspicious transactions totaling ~₹15 lakh and alleged WhatsApp interactions with unknown German numbers. Investigators remain unsure if he was an unwitting pawn or knowingly complicit, and are tracing wallet connections and potential international links.

Why It Matters

Experts warn that this reinforces the need for clearer regulatory standards, stronger infrastructure protocols, and better incident disclosures across exchanges.

Closing Thoughts & What’s Next?

With the stolen amount still in limbo, the recovery bounty remains the most promising route.
The investigation continues to explore internal controls, inventory of devices, and blockchain tracking.
CoinDCX maintains it is operational, secure, and backed by solid reserves. For users and investors, the key takeaway: know where crypto is stored, insist on transparency, and watch exchanges that back their commitments even in crises.

Conclusion

CoinDCX’s breach underscores the importance of holistic security protocols—not just at user wallet level, but deep into operational infrastructure. While the company appears stable and committed to recovery, the case exemplifies how social engineering and insider vulnerabilities can expose even leading crypto firms.