Unraveling the CoinDCX Heist: Can $44 Million Stolen by North Korean Hackers Ever Be Recovered?


Bengaluru’s Largest Crypto Heist: $44 Million Stolen from CoinDCX; North Korean Hackers Suspected, Insider Probe Underway

Bengaluru, July 31, 2025 – In what is being regarded as the largest cryptocurrency theft in Bengaluru’s history, Neblio Technologies Private Limited, the company behind crypto exchange CoinDCX, reported that hackers have stolen approximately $44 million in digital assets. Investigations suggest that the attack could be linked to North Korean hacker groups, and authorities are scrutinizing whether any insider helped facilitate the breach.

The Heist and Investigation Details

The cyber theft saw the digital assets moved out of CoinDCX’s custody and dispersed initially into six separate cryptocurrency wallets before being consolidated into a single wallet believed to be controlled by a North Korean criminal ring. This modus operandi aligns with previous global cyberattacks attributed to North Korean hackers, who have become notorious for targeting crypto exchanges.

Sources from the cyber police have confirmed ongoing investigations into the possibility of internal collusion, focusing particularly on one employee, Rahul Agarwal. His login credentials were reportedly exploited during the breach. Cyber sleuths are analyzing whether Agarwal was complicit or inadvertently compromised, as evidence shows sophisticated hacking attempts extended to infiltrating employee hardware.

Company Response and Security Measures

CoinDCX has assured its customers that all personal funds remain secure, stating that customer assets are primarily held in cold wallets, which are offline and generally considered safer from hacking. The company has also initiated a recovery bounty program offering incentives for information that could lead to regaining the stolen assets.

A CoinDCX spokesperson told The Times of India, “Security has always been a top priority at CoinDCX. We benchmark ourselves against global best practices and have invested significantly in strengthening our infrastructure.” The company has partnered with international cybersecurity firms like Sygnia and Seal911 to enhance asset tracing and to establish rapid freezing mechanisms aimed at containing further losses.

Challenges in Fund Recovery

Experts warn that recovering stolen cryptocurrency, especially at this scale and complexity, poses a considerable challenge. Cybersecurity expert Rahul Sasi, founder of CloudSEK, highlighted the murky nature of such breaches, noting that stolen credentials are often bought and sold discreetly on the dark web. He said, “There is no way to be sure of the intent of such computer users in such cases.”

Avinash Shekhar, founder of crypto exchange Pi42 and former CEO of ZebPay, pointed out that the prospects of recovery largely hinge on the types of cryptocurrencies stolen and the jurisdictional reach of the authorities. “If the stolen funds are in centrally issued tokens like USDT (Tether), there’s a theoretical chance to freeze them. But if the assets are decentralized tokens such as Ethereum, recovery becomes significantly more difficult,” he explained.

Shekhar also underscored the complications added by suspected involvement of North Korean actors, whose operations typically evade international jurisdiction, making retrieval close to impossible. “Tracing of stolen funds is a long, persistent process. Blockchain’s permanent ledger does allow for tracking over years, and there have been cases where assets were frozen even after 5 to 10 years,” he added.

The Road Ahead

As Bengaluru’s technology and crypto communities absorb the shock of this colossal breach, attention now turns to the authorities’ ability to uncover the full extent of the operation and recover any of the stolen assets. CoinDCX continues to cooperate closely with law enforcement agencies while reinforcing its security framework in hopes of preventing future incidents.

While the fate of the $44 million remains uncertain, this incident has once again spotlighted the vulnerabilities within the cryptocurrency sector and the growing menace posed by state-backed cybercriminal groups.

