An employee at Indian crypto exchange CoinDCX has been arrested in connection with a $44 million hack that occurred on July 19. Bengaluru police detained 30-year-old Rahul Agarwal, a staff engineer at the company, after hackers reportedly used his login credentials to breach internal systems and steal funds.

According to reports from The Times of India, Agarwal’s credentials were compromised through malware installed on his CoinDCX-issued laptop. Investigators believe the attackers gained access overnight and initially transferred 1 USDt before siphoning $44 million into six different wallets the next morning.

Agarwal has denied any involvement but admitted to taking freelance work from private clients while employed full-time at CoinDCX. The company’s parent, Neblio Technologies, launched an internal probe that led to his arrest and the seizure of his work laptop.

CoinDCX’s CEO, Sumit Gupta, called the breach a “sophisticated social engineering attack” and urged the public not to speculate as the investigation is ongoing. In a statement posted to X, Gupta emphasized that employee-targeted attacks are increasingly common and cautioned against spreading unverified information.

Despite the massive outflow of funds, Gupta assured users that no customer assets were compromised. The stolen funds were reportedly part of an internal liquidity provision account connected to another exchange.

Agarwal, who worked at CoinDCX for over two years, started as a senior software engineer in 2023 and was promoted to staff engineer in 2025. He had been working from the company’s Bengaluru office when the hack took place.

As of now, CoinDCX is cooperating with authorities and has not confirmed the employee’s arrest publicly, citing the active nature of the investigation.