In a move that has sent shockwaves through the Indian Web3 ecosystem, the co-founders of CoinDCX, Sumit Gupta and Neeraj Khandelwal, were arrested on March 21, 2026. The arrests follow a First Information Report (FIR) alleging financial fraud and cheating. However, in an immediate official response, CoinDCX has termed the FIR “false,” claiming that the founders are being framed by a massive network of scammers posing as them to dupe the public.
The “Impersonation” Defense
According to CoinDCX, the case stems from a “sophisticated brand impersonation conspiracy” where third-party fraudsters used the founders’ names and likenesses to solicit funds into unrelated accounts.
- Scale of Fraud: CoinDCX revealed it has identified and reported over 1,212 fake websites impersonating its official domain between April 2024 and January 2026.
- The “Fake” Connection: The company clarifies that the bank accounts mentioned in the police complaint have no connection to CoinDCX’s official operations or its parent company, Neblio Technologies.
- Public Warning: The exchange had previously issued a public notice on its website warning users that it was being targeted by organized cyber-fraudsters.
Context: A Year of Security Turmoil
The arrests come at a particularly vulnerable time for the exchange, which has been battling multiple security and regulatory hurdles over the past year.
| Event Date | Incident | Impact / Details |
| July 2025 | $44 Million Breach | Hackers stole ~₹378 crore from an internal liquidity wallet. Customer funds were unaffected. |
| November 2025 | ED Attachment | The Enforcement Directorate attached ₹8.46 crore in accounts linked to CoinDCX in a separate “fake app” case. |
| March 20, 2026 | Employee Arrest | A software engineer, Rahul Agarwal, was arrested for allegedly installing malware that enabled the $44M July hack. |
| March 21, 2026 | Founders Arrested | Sumit Gupta and Neeraj Khandelwal taken into custody over the impersonation fraud FIR. |
The “Job-Bait” Link
Police investigations into the July 2025 hack recently led to the arrest of an internal software engineer. It was discovered that the breach occurred after the employee was lured into a “fake job offer” scam, which resulted in malware being installed on his company laptop. This compromised device was used to bypass internal security and drain $44 million from the company’s treasury.
Current Status of the Exchange
Despite the legal turmoil at the leadership level, CoinDCX has reassured its 16 million users that the platform remains fully operational.
- Asset Safety: All customer assets are stored in segregated cold-wallet infrastructure and remain unaffected by the current case or the previous $44M theft.
- Operations: Trading, INR deposits, and withdrawals are currently functioning as normal.
- Legal Cooperation: The company stated it is “fully cooperating” with law enforcement to unmask the actual fraudsters behind the impersonation scheme.
“The FIR against our co-founders appears to be part of a conspiracy involving impersonators… we remain committed to supporting authorities in addressing such misconduct,” the company stated on X.
