Date: 2025-07-31

Key Notes

Bengaluru police say the hacker in the CoinDCX heist was disguised as a recruiter.

As a result, 30-year-old Rahul Agarwal was swindled, serving as the attack conduit.

Meanwhile, CoinDCX has refuted claims of a Coinbase buyout.

Bengaluru police believe that they have identified the cause of the $44 million crypto heist that hit Indian cryptocurrency exchange CoinDCX.

The exploit involved hackers posing as recruiters to commit the malicious act that left the crypto exchange with a significant financial loss.

CoinDCX staff role in $44 million hack

The Indian police claim that the hackers posed as recruiters to lure a CoinDCX software engineer, Rahul Agarwal, into installing malware on his company laptop, according to a report by The Indian Express.

Once a connection was established, the bad actor drained about $44 million in cryptocurrencies from the exchange. As it stands, 30-year-old Agarwal has been detained for his alleged link to the hack.

It is worth noting that blockchain analytics firm Cyvers suspected that the attackers leveraged exposed API keys or misconfigured backend systems. This aligns with the allegations levelled against Agarwal.

Investigators are certain that the attackers were able to move funds from the CoinDCX account by using his login credentials to access the firm’s systems.

In other words, the bad actor relied on his corporate access to carry out their illicit operation, and this has prompted the authorities to arrest him as the investigation is still ongoing.

The hackers delivered the malware in the guise of a part-time job. Then the compromised device triggered the breach of the internal wallet systems at Neblio Technologies, the CoinDCX operator.

Although he consistently denied any involvement in the matter, Agarwal’s company-owned device has been confiscated in the meantime.

Like CoinDCX, Hyperliquid (HYPE) experienced an API outage recently, a development that was initially suspected to be a hack. The team quickly attributed the API server issue that caused its outage to a spike in traffic.

“There was an issue with API servers between 14:10 and 14:47 UTC in which orders were delayed in being sent to the nodes,” it wrote on the status page. “This was due to a significant spike in traffic. There was no hack or exploit.”

CoinDCX hack and North Korea’s Lazarus Group

Meanwhile, authorities have linked the CoinDCX attack to North Korea’s Lazarus Group, citing consistent attack patterns.

These are similar to patterns seen in the Bybit hack earlier this year, which usually involve the exploitation of cross-chain bridges and the use of Tornado Cash to obscure fund flows.

CoinDCX has launched an $11 million bounty initiative, which represents up to 25% of the stolen assets. With this bounty offer, CoinDCX aims to involve ethical hackers, researchers, and blockchain experts to help recover the stolen assets.

Amidst this matter, Mint published an article stating that Coinbase plans to buy out the exchange. Mint’s sources claimed that Coinbase has already secured equity in both CoinDCX and rival CoinSwitch.

CoinDCX CEO Sumit Gupta publicly debunked the acquisition claim, stating that the company is busy building and expanding. He told his followers on X to “Ignore the rumours.”

Just got up and saw this news! 😅 Ignore the rumours! CoinDCX is “super focused” on building for India’s crypto story and not up for sale! Will share more later but just wanted to clarify this upfront! https://t.co/4CqAf94GjT — Sumit Gupta (CoinDCX) (@smtgpt) July 29, 2025

