A sophisticated cyber-attack targeting Bengaluru’s Neblio Technologies Private Limited — the company behind the crypto exchange CoinDCX — has exposed deep vulnerabilities in the digital asset space, casting a spotlight on the suspected involvement of international hacker syndicates linked to North Korea, according to The Times of India. Bengaluru authorities suspect an inside job involving employee Rahul Agarwal, who may have unwittingly aided the breach.

Authorities are now working through the fallout of what is being called the largest virtual currency heist the city has witnessed, with stolen assets amounting to an estimated 44 million dollars.

Security specialists and investigators said that after breaching the company’s defences, the digital loot was funneled through six separate accounts before ultimately converging in a single account believed to be under the control of a North Korean operation. Local police noted that similar tactics have been seen in a spate of recent attacks on cryptocurrency exchanges, hinting at a pattern that points towards state-sponsored cybercrime, the report stated.

The local investigation also zeroed in on Rahul Agarwal, a CoinDCX employee from Jharkhand, whose corporate device was leveraged in the breach. Police said Agarwal, who had served at the company for several years, became entangled in an online part-time job scam that promised money for minor digital tasks, the Deccan Herald reported.

Unwittingly, he allowed his work and personal laptops to be accessed by the fraudsters, who then used his credentials as a conduit into CoinDCX’s core systems. While some company officials suspected he was merely an unwitting pawn manipulated by the hackers, others allege possible complicity, and Agarwal has since been taken into judicial custody for further interrogation.

Company executives are also said to be under immense pressure to reassure stakeholders, emphasizing that customer assets are safe. CoinDCX has ramped up collaboration with cybersecurity firms, and in a move to recover the stolen funds, announced a substantial bounty for information that leads to asset retrieval or arrests.