According to him:
“Based on our internal preliminary findings, this appears to be a sophisticated social engineering attack. Naturally, in these attacks, employees of a company are targeted to gain unlawful access to internal systems of an organisation.”
This confirms reports from Indian media outlets suggesting that a CoinDCX employee may have played a key role, knowingly or negligently. According to The Times of India, police in Bengaluru have detained Rahul Agarwal, a CoinDCX software engineer, whose internal credentials were allegedly misused during the breach.
The report claims the attacker initiated a small $1 USDT transaction from the employee’s account as a test before moving on to the larger $44 million theft. Authorities are examining whether the staff member was complicit or compromised in the attack.
Meanwhile, Gupta failed to provide further information about the investigations. Instead, he said:
“As this is an ongoing investigation, we unfortunately cannot engage with the media or public on this issue. We want to ensure the integrity of the process is maintained and are fully cooperating with the authorities.”
So, the CoinDCX breach is part of a broader trend observed in the past year.
These cases highlight a pressing issue where even advanced cybersecurity measures can fail when employees are manipulated.
