In a shocking development following the recent hack of Indian crypto exchange CoinDCX, authorities have uncovered evidence suggesting possible insider involvement. Reports indicate that an employee of the exchange has been arrested on suspicion of playing a role in the fraudulent activity.
According to local sources, hackers managed to exploit the login credentials of a CoinDCX tech employee, identified as Rahul Agarwal, to siphon a staggering $44 million worth of cryptocurrency. Agarwal, who holds a position as a software engineer at the exchange, was allegedly compromised by cybercriminals who gained unauthorized access to his account.
The arrest of the employee came after Neblio Technologies, the parent company of CoinDCX, filed a formal complaint regarding the exploitation of Agarwal’s login details. The security breach, which took place on July 19, compromised an internal account used by the exchange to provide liquidity to its customers.
Cybersecurity experts from Cyvers have linked the exploit to the notorious North Korean Lazarus Group, noting similarities to a previous crypto hack involving Indian exchange WazirX. The pattern of the attack suggests a coordinated effort by sophisticated hackers to target cryptocurrency platforms in the region.
In a surprising twist, it was revealed that Agarwal had been using the company laptop for freelance work, despite being a full-time employee. Neblio’s vice-president for public policy, Hardeep Singh, disclosed that the employee received a call from Germany and was subsequently sent files for completion, one of which may have contained malware allowing the hacker to infiltrate CoinDCX’s server.
During police interrogation, Agarwal confessed to engaging in moonlighting activities and acknowledged receiving a significant sum of money in his bank account from an unknown source. The investigation also uncovered that the employee had received $17,131 through his part-time job over the past year, raising suspicions about the legitimacy of the transactions.
The news of the employee’s arrest comes amidst swirling rumors of a potential acquisition of CoinDCX by US crypto exchange giant Coinbase. Speculations suggested a valuation of the Indian exchange at below $900 million, prompting CoinDCX CEO Sumit Gupta to dismiss the rumors and affirm the company’s commitment to fostering India’s crypto ecosystem.
As the investigation into the $44 million heist continues, authorities have registered a case under various sections of the Indian Information Technology Act to bring the perpetrators to justice. The incident serves as a stark reminder of the growing threats posed by cybercriminals to the burgeoning crypto industry, highlighting the importance of robust security measures and vigilant oversight in safeguarding digital assets.