One of India’s largest crypto heists has been linked to a fake job scam. Bengaluru police have arrested Rahul Agarwal, an employee of the CoinDCX crypto exchange, for unintentionally assisting hackers in the theft of $44.2 million.
Agarwal, who had been with CoinDCX for over three years, was targeted online with offers of extra income for performing seemingly harmless tasks, such as writing reviews. Over time, the scammers convinced him to use his work-issued laptop to complete these tasks, a critical mistake.
On July 19, using access from Agarwal’s compromised device, the attackers infiltrated an internal CoinDCX wallet used to provide liquidity on external exchanges. They then siphoned off large amounts of Solana (SOL) and Tether (USDT) via the Jupiter aggregator on the Solana blockchain.
According to authorities, Agarwal’s access privileges played a key role in enabling the breach. His laptop has been confiscated, and police are now tracking the destination wallets that received the stolen funds. Investigators also suspect foreign actors may be involved, although no group has claimed responsibility so far.
CoinDCX has confirmed that customer assets remain safe and that the losses were limited to the company’s own reserves. To aid recovery efforts, the exchange has launched an $11 million bounty program, inviting white-hat hackers and cybersecurity experts to help trace and retrieve the stolen crypto.