Hackers Steal $44 Million from CoinDCX Using Fake Job Offer in Sophisticated Cyberattack

In a striking case of social engineering, hackers posing as recruiters tricked an employee at Indian cryptocurrency exchange CoinDCX into installing malware that ultimately led to a $44 million crypto heist, according to Bengaluru police.

Authorities say the attackers approached 30-year-old Rahul Agarwal, a software engineer at CoinDCX operator Neblio Technologies, with what appeared to be a freelance job opportunity. Under the pretense of onboarding him for a part-time role, the hackers delivered malicious software that infiltrated his company-issued laptop.

Investigators believe the malware allowed the attackers to compromise internal wallet systems and initiate unauthorized transfers. Using Agarwal’s login credentials, the hackers moved tens of millions in crypto out of the exchange. The engineer has since been taken into custody as the probe deepens, though he maintains he was unaware of the malicious intent until the incident was uncovered by an internal review.

CoinDCX co-founder and CEO Sumit Gupta had earlier acknowledged a server-side breach involving an internal operational wallet but reassured customers that no user funds were affected. The firm has pledged to absorb the financial hit.

Authorities have not disclosed where the stolen crypto was sent or whether any of it has been recovered. However, investigators are exploring the possibility that foreign actors may have been involved in orchestrating the breach.

In response, CoinDCX has launched a Recovery Bounty Programme, offering 25% of the stolen funds—around $11 million—to anyone who can help trace or recover the assets. Co-founder Neeraj Khandelwal emphasized the company’s commitment to transparency and collaboration with the global crypto community in recovering the lost funds.

This breach marks the second major attack on an Indian crypto exchange in the past year. In July 2024, WazirX was hit by a massive $230 million exploit allegedly linked to North Korea’s Lazarus Group. The fallout from that attack continues, with WazirX’s restructuring efforts stalled after a Singapore court rejected its reorganization plan in June.

As the CoinDCX investigation continues, the incident underscores the evolving tactics used by cybercriminals and the pressing need for tighter security protocols—even at the human level.
