India-based crypto exchange CoinDCX is under scrutiny after $44 million was siphoned from its internal wallet via a hack. Investigators currently suspect the hack is linked to insider involvement. Notably, the exchange is a subsidiary of Neblio Technologies, which has now become involved in the case given its responsibilities as the parent company.
For context, the incident occurred on July 19, 2025, when hackers first executed a small test transfer of 1 USDT, which was followed hours later by multiple withdrawals totaling $44 million. Following the attack, CoinDCX announced India’s largest crypto recovery bounty, offering up to 25% ($11 million) of any recovered funds to individuals who can aid in asset retrieval.
Is the Hack an Insider Job?
According to reports from a local media outlet, The Indian Express, company investigations traced the breach to an office-issued laptop belonging to Rahul Agarwal, a software engineer at CoinDCX. Despite strict company policy prohibiting personal use of the device, Agarwal allegedly ignored the restriction.
According to a police officer, Hardeep Singh, Vice President of Public Policy at Neblio, suspects that Agarwal may have partnered with the hackers to execute the attack. However, he also alleged that malware was installed under the guise of assigning freelance tasks to Agarwal, who received about $17,000 in his bank account afterwards.
Nonetheless, the software engineer insisted he was unaware, as investigators explore whether he was unknowingly used or intentionally consented to the criminal act.
Following the arrest of Agarwal, local authorities have registered a case under numerous sections of India’s Information Technology Act and Bharatiya Nyaya Sanhita. Agarwal has been charged with theft, computer fraud, identity theft, and criminal breach of trust. Meanwhile, law enforcement has confirmed that recovery efforts are still ongoing.
Not the First Insider-Related Case
Beyond CoinDCX, other crypto platforms have faced insider-related breaches. For example, CTW reported that scammers had bribed Coinbase’s customer support agents to gain access to sensitive user information. Coinbase estimates the fallout could cost up to $400 million, and has terminated the agents involved.
Binance recently suspended a staff member from its Wallet team for exploiting insider information to front-run trades, generating about $113,000 in gains. The employee used knowledge of a token’s launch, engaged in the presale via multiple linked wallets, and dumped a portion afterwards.