A software developer from Bengaluru has been taken into custody on suspicion of taking part in a huge cryptocurrency theft that targeted CoinDCX, a well-known Indian exchange, and cost INR 379 crore. Neblio Technologies, the parent firm of CoinDCX, submitted an official complaint, according to police, which prompted the breakthrough.
On July 26, the Whitefield CEN Crime Police arrested Rahul Agarwal, 30, a native of Haridwar, Uttarakhand, who now resides in Carmelaram, Bengaluru.
Investigators discovered that his workplace laptop’s private login credentials had been used during the security breach, leading to his detention.
How the INR 379 Cr Theft Unfolded?
It has been reported that the investigation started when Hardeep Singh, the vice-president for public policy at CoinDCX, reported suspicious activity on the site to the authorities. An unnamed individual gained access to the CoinDCX system at 2:37 am on July 19 and transferred one USDT, a stablecoin based on the US dollar, to an external wallet.
Company Probe Leads to Developer’s Laptop
The breach became more severe hours later. Approximately $44 million (about INR 379 crore) had been moved to six different cryptocurrency wallets by the time the activity was discovered.
The company conducted an internal investigation as a result of this large-scale siphoning. According to that inquiry, Rahul Agarwal's official laptop was the sole device that appeared to have been compromised.
Police confiscated the device and started interrogating Agarwal in light of this discovery. Agarwal admitted to “moonlighting,” or doing freelance work for several clients outside of his regular job, but denied any direct involvement in the theft.
According to him, he was given assignments by three or four private clients, but he had no idea who they were or what kind of access they had.
Freelance Work, WhatsApp Calls, and a German Link
Upon closer examination of Agarwal’s actions, it was discovered that his bank account had an unidentified INR 15 lakh deposit. Agarwal allegedly told police that he had received a WhatsApp call from a German number when he was questioned.
The caller allegedly told him to fill out some of the files that were sent to him, but he did not specify how the files were used or who sent them. The authorities have not ruled out the possibility that Agarwal's credentials were used remotely to carry out the intrusion, either through malware or by outside criminals abusing his freelance work.
Agarwal remains in custody while police officials continue to look into the origin of the German connection, the INR 15 lakh bank deposit, and whether any other people or foreign connections were involved in the theft.
Authorities Investigate Deeper Network, Wallets, and Security Lapses
Authorities are also investigating whether flaws in CoinDCX's internal cybersecurity protocols played a role in the attack and how the hacker escalated access from a single USDT transaction to a multi-crore theft. The identities of the six cryptocurrency wallets used in the crime are being investigated, and the stolen INR 379 crore has not yet been located.