With respect to the $44 million CoinDCX crypto hack, the Indian police have made one of the most important clues by arresting the 30-year-old employee of the company, Rahul Agarwal, who worked as a software engineer in the exchange.
Leakage of Information suggested that he was the victim of a cyber recruitment scheme that implanted malware on his employment-issued computer, leading to his arrest on the allegation that he used company systems that were compromised.
The incident, which was reported on July 19, compromised one of the CoinDCX internal accounts. Fortunately, the company confirmed that user funds were intact. Sumit Gupta, the CoinDCX’s CEO, stated that the incident seemed to be “a very sophisticated social engineering attack” aimed that exploit an organization by attacking the employees to take control of the account.
As reported by The Times of India citing police sources, the hackers offered pseudo freelance opportunities to Agarwal for manipulating him to use the malware. The internal systems were breached with his account which resulted in an unauthorized transfer of cryptocurrency assets worth 44 million dollars.
Despite such serious claims made against him, Agarwal claims to be a victim by virtue of claims stating that he was handling freelance opportunities were isolated from the actions.
The incident has sparked new issues pertaining to internal security procedures, as well as the increasing reliance on psychological tactics in cyber manipulation. After Agarwal’s arrest, CoinDCX decided to not give a statement due to the sensitive nature of the investigation.
Still, Gupta reassured that the law enforcement agencies have been provided the required evidence by the company and that CoinDCX is actively making changes to its internal protocols to resolve the identified issues.
Looking into the matter, Gupta posted a statement on social media that addressed the acquisition rumors purported by Coinbase. He called these reports nonsense, stating, “Ignore the rumours! CoinDCX is super focused on building for India’s crypto story and not up for sale!” He focused on the matter of innovation and growth as per India’s crypto ecosystem.
As the law enforcement agencies actively work on identifying the masterminds of the intelligent phishing operation, the case has ignited a heated debate surrounding corporate employee phishing security training and the dangers of social engineering. Secretly tracking the funds is garnering a wider investigation into the operation while collaborating with cybercriminal specialists to resolve the case.
