Bengaluru Police Identify Cause of $44 Million CoinDCX Crypto Heist

Bengaluru police have identified the cause of a $44 million hack of Indian cryptocurrency exchange CoinDCX. Hackers posed as recruiters to trick a software engineer into installing malware on his laptop, enabling unauthorized access to the exchange's systems.

Details of the Hack

  • Hackers exploited the engineer's login credentials to drain approximately $44 million in cryptocurrencies.
  • The engineer, Rahul Agarwal, has been detained for his alleged involvement.
  • Blockchain analytics firm Cyvers suggested that attackers may have used exposed API keys or misconfigured backend systems.
  • The malware was delivered under the guise of part-time job offers, leading to a breach of internal wallet systems at Neblio Technologies, the operator of CoinDCX.
  • Agarwal denies any wrongdoing; however, his company-owned device has been confiscated.

Connection to Lazarus Group

  • Authorities suspect links between the CoinDCX attack and North Korea's Lazarus Group based on similar attack patterns.
  • These patterns include exploiting cross-chain bridges and using Tornado Cash to obscure fund flows.

CoinDCX's Response

  • CoinDCX has initiated an $11 million bounty program, offering up to 25% of stolen assets to ethical hackers and researchers for assistance in asset recovery.
  • Rumors of a potential acquisition by Coinbase were publicly denied by CoinDCX CEO Sumit Gupta, who emphasized the company's focus on growth.