
The crypto world is no stranger to hacks — but this time, the enemy came from within. CoinDCX, one of India’s largest crypto exchanges, recently suffered a loss of ₹379 crore (approximately $45 million) in what is now confirmed to be an insider breach.
A former employee allegedly exploited internal systems to siphon funds over several weeks, sending shockwaves through the digital asset community.
While most attention often focuses on external hacks, the CoinDCX case raises a more complex and increasingly urgent question: What happens when the biggest risk to user funds is inside the company walls?
On July 26, Bengaluru police arrested a 27-year-old software engineer in connection with the theft. Reports suggest the employee had access to an internal wallet integration tool used for liquidity provisioning with external exchanges.
Using his privileged login credentials, he allegedly transferred customer and company funds to private wallets, cleverly avoiding detection by blending in with regular exchange activity.
Agarwal was arrested following a complaint from Neblio Technologies, the parent company of CoinDCX. Police report that hackers used Agarwal’s compromised work laptop to access CoinDCX’s internal servers and conduct the transaction.
Agarwal has so far played the victim. He has admitted to using the compromised work laptop while moonlighting for other crypto companies besides CoinDCX. This violated the exchange’s employee policy.
The police believe that Agarwal had been lured into a “task fraud” job, which involved completing basic tasks such as writing Google reviews for a set amount of money. It is believed that by employing Agarwal, hackers managed to gain access to his systems. Investigators believe the theft was conducted without sophisticated malware or phishing. It was, at its core, an abuse of internal trust and infrastructure.
The police also report: “If it were a regular bank transfer, the accounts could’ve been frozen. In this case, there is no regulation on cryptocurrency, and it is close to impossible to trace its trail.”
Despite the reports that Agarwal was exploited, he was arrested and sent to judicial custody. Agarwal is currently in police custody for a further probe.
What makes this case especially concerning is not just the amount stolen, but the method — an insider with trusted access abusing system weaknesses and oversight gaps.
The CoinDCX case is not isolated. A recent Brave New Coin investigation into insider risk highlights how internal actors now represent a growing segment of crypto security breaches — especially as platforms scale and grant access to more technical employees, vendors, and third-party service providers.
The article explains: “Their method of entry relies on being handed the keys to the castle, not through brute-force hacks or zero-day exploits, but by securing legitimate access as trusted team members.”
Unlike external attacks that rely on breaching defenses, insider threats often bypass them altogether. Once inside, these actors can:
Even firms with robust external security postures often lag when it comes to access control, internal audits, and monitoring of privileged users.
This breach has prompted calls for better internal governance within crypto exchanges. Here’s what experts recommend:
For CoinDCX, rebuilding trust means implementing these guardrails quickly, communicating transparently, and potentially submitting to third-party audits.
The CoinDCX incident raises new questions for users and institutional clients: