The police investigating the alleged theft of cryptocurrency worth $44 million from CoinDCX, a cryptocurrency exchange operated by Bengaluru-based Neblio Technologies, said on Wednesday that hackers had installed malware on a company laptop used by Rahul Agarwal, an employee of the firm they have arrested over the crime.
The police said the hackers installed malware on the pretext of giving Agarwal, a Jharkhand native who had worked with CoinDCX for the past three years, a part-time job.
In a police complaint filed on July 22, Hardeep Singh, Vice-President, Public Policy and Government Affairs, Neblio Technologies, said that someone hacked into the company’s wallet to transfer cryptocurrency worth $44 million (Rs 384 crore) at around 2.37 am on July 19 to six accounts.
A police officer said the hackers tasked Agarwal, who had held a good position in the company, with writing reviews and also gave him other online tasks in return for good money. While Agarwal initially used his personal laptop, he later switched to his office laptop, on which the hackers managed to install the malware without his knowledge, according to the officer. The hackers thus gained access to CoinDCX and diverted money from its wallet.
The police officer said, “Agarwal was totally in the dark about the theft that has happened by hacking into his laptop. It was late for him to realise that he was used as a tool to siphon such a huge amount of cryptocurrency.”
An internal investigation revealed that Agarwal had earned about Rs 15 lakh and when the company confronted him, he explained it as income from a part-time job he had been doing.
The police are in a dilemma about establishing the money trail as there is barely any regulation on cryptocurrency in India or elsewhere in the world. “If it was a bank transfer, we could find a money trial. But it seems to be impossible as the origins of the wallets (to which the cryptocurrency was transferred) is also not from India. If the crypto exchanges failed to share the data of the wallets, it would be a tough task,” the officer said.
Story continues below this ad
Neeraj Khandelwal, a co-founder of the firm, said during a live session on July 21, “We’ve launched a Recovery Bounty Programme, committing 25 per cent of any recovered funds to those who help us. This is a fight against bad actors for the entire industry, and we invite the community to help us.”
The bounty would amount to $11 million, around Rs 96 crore, according to the company.
The Whitefield CEN police have registered a case under sections 66 (computer-related offences), 43 (penalty and compensation for damage to computer, computer system etc), 66(c) (identity theft) and 66(d) (cheating by personation by using computer resource) of the Information Technology Act as well as 303 (theft), 316 (4) (criminal breach of trust), 318 (4) (cheating), and 319 (2) (cheating by personation) of the Bharatiya Nyaya Sanhita.