Stolen Cryptocurrency Valued at $44 Million from Coindcx Tracked Down, Engineer Arrested
Breaking News: Bengaluru Police Arrest Coindcx Software Engineer in $44 Million Crypto Heist
A complex case of a $44 million theft from one of India's top crypto exchanges, Coindcx, has taken a new turn with the arrest of Rahul Agarwal, a 30-year-old software engineer at the company.
The breach, it appears, was the result of a highly coordinated social engineering and malware attack that compromised Agarwal's login credentials. Hackers gained access to Coindcx's internal liquidity wallets using his credentials and siphoned off the funds in under seven hours, moving them into six separate cryptocurrency wallets.
According to the Bengaluru police, the breach originated from Agarwal's company laptop. An internal investigation by Coindcx found that Agarwal had been using his work laptop for freelance work, potentially exposing security vulnerabilities. The police suspect that the attack may have begun with a suspicious WhatsApp call from a foreign number, which may have introduced malware.
Rahul Agarwal was arrested following these findings, although he denied any direct involvement in the theft during police interrogation, admitting only to moonlighting. Coindcx CEO Sumit Gupta, however, assured users that customer funds were safe following the breach.
The stolen funds were from Coindcx's corporate treasury, not customer funds, and the loss will be absorbed by the company's reserves, according to Gupta. It is unclear if the hackers could have potentially gained access to Coindcx's servers through this malicious code. An unknown source also transferred Rs 15 lakh to Agarwal's bank account, but the connection, if any, to the breach remains unclear.
| Aspect | Details | |------------------------------|------------------------------------------------------------------------------------| | Attack Type | Sophisticated social engineering and malware attack | | Entry Point | Compromise of Rahul Agarwal’s login credentials via his company laptop | | Initial Vector | Suspicious WhatsApp call potentially led to malware infection | | Breach Impact | $44 million stolen from CoinDCX’s corporate treasury liquidity wallets | | Agarwal’s role | Software engineer whose compromised credentials enabled hackers' access | | Arrest and Investigation | Agarwal arrested, denies direct involvement but admits freelance work | | Company Response | CEO Sumit Gupta confirmed incident, assured customer funds unaffected |
This incident serves as a reminder for all companies to maintain strict security protocols and to ensure that employees do not use their work devices for personal activities that may compromise security. Coindcx, for its part, has assured users that the trading platform remains unaffected, and that customer funds are safe. The investigation into the breach is ongoing.
[1] https://www.thehindubusinessline.com/info-tech/bengaluru-police-arrest-coin-dcx-software-engineer-in-44-million-crypto-heist/article35789392.ece [2] https://www.thehindu.com/business/Industry/bengaluru-police-arrest-coin-dcx-software-engineer-in-44-million-crypto-heist/article35789392.ece [3] https://www.moneycontrol.com/news/business/bengaluru-police-arrest-coin-dcx-software-engineer-in-44-million-crypto-heist-6735231.html
Technology played a significant role in the $44 million cryptocurrency heist at Coindcx, with a sophisticated social engineering and malware attack compromising a software engineer's login credentials. The general-news about this crime-and-justice issue is ongoing as the Bengaluru police investigate the breach, having arrested the engineer in question.
