In one of Karnataka’s most significant cybercrime investigations, the Criminal Investigation Department (CID) has revealed that a freelancing tech professional unknowingly became the primary entry point for cybercriminals in the massive ₹368-crore cryptocurrency theft from a Bengaluru-based crypto exchange.
The breach came to light in July 2025, when the cryptocurrency exchange located in Bellandur, East Bengaluru, reported that its digital wallets had been compromised and a large quantity of cryptocurrency had been siphoned off. An employee was initially taken into custody, but the CID’s in-depth probe has now uncovered a sophisticated international fraud network behind the incident.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Trust built before the breach
According to CID officials, the accused techie — whose identity has been withheld — had been secretly moonlighting for over a year. During this period, he was approached through a fake professional networking profile offering a lucrative freelance assignment to help build a website for a crypto exchange.
“The fraudsters gave him a legitimate-looking project, held regular online review meetings, and paid him consistently to gain his confidence,” said a senior CID investigator. The techie reportedly received nearly ₹15 lakh for his freelance work, leaving him with no reason to suspect foul play.
Company laptop became the point of compromise
The CID found that the techie carried out the freelance work using his full-time employer’s official laptop. In July 2025, after one of the online project meetings, the fraudsters sent him a batch of files for review — one of which was embedded with malware.
When he opened the file, the malicious program silently executed in the background, bypassed the device’s security systems, and granted the hackers remote administrative access to both the laptop and the exchange’s internal servers.
Private keys stolen, entire treasury drained
With admin-level access secured, the hackers were able to extract the private keys of the exchange’s cryptocurrency wallets. They first transferred a small amount to test the breach, and once successful, proceeded to drain the company’s entire digital treasury.
Investigators say the stolen cryptocurrency was first routed to the exchange’s internal wallet, then moved across multiple intermediary wallets before ultimately landing in a single consolidated wallet controlled by the fraudsters.
Transactions traced, wallet owner remains unknown
CID officials confirmed that while the transaction trail of the stolen cryptocurrency has been successfully tracked, identifying the actual owner of the final wallet remains a major challenge.
“That is the level of sophistication involved in crypto-related crimes. We can trace the money flow, but finding the person behind a crypto wallet is extremely difficult,” the officer said.
Warning for tech professionals on moonlighting risks
The CID has used the case to issue a broader warning about the dangers of moonlighting and freelance job scams. Officials said cybercriminals often exploit side-gig platforms, part-time job offers, investment fraud schemes, and gaming-related assignments to gain access to corporate systems.
Following the incident, the exchange has reportedly strengthened its cybersecurity framework and data protection systems to prevent similar breaches in the future.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
