Massive Crypto Security Breach Hits Bengaluru’s Nebilo Technologies; Insider Suspected
Nebilo Technologies in Bengaluru has reported a ₹378.95 crore crypto security breach, with insider involvement suspected. Investigations are ongoing.
In a major wake-up call for India’s crypto sector, Nebilo Technologies, a Bengaluru-based crypto trading platform, has reported a staggering ₹378.95 crore crypto security breach. The cyberattack, which took place in the early hours of July 19, has not only shocked the industry but also raised serious questions about internal security controls.
Coordinated Attack Drains Crypto Wallet
At approximately 2:37 a.m., an unidentified individual infiltrated Nebilo’s digital wallet. First, the hacker initiated a small transaction of 1 USDT—likely a test. Just hours later, a much larger theft unfolded as $40 million (approximately ₹378.95 crore) was siphoned off and rerouted to a separate crypto account. This suspicious sequence immediately triggered internal alarms.
The attacker didn’t stop there. By distributing the stolen funds across six different crypto wallets, the hacker complicated the tracking process. This tactic is frequently used to obscure the trail on the blockchain, making recovery efforts more challenging.
Employee Laptop Identified as Entry Point
As Nebilo’s team launched an internal investigation, they zeroed in on a laptop used by part-time employee Rahul Agarwal. He had been working with the company for over a year. Although he insisted he used the device only for work-related tasks, deeper analysis revealed otherwise. Investigators discovered that he had accessed the laptop for non-company activities, clearly violating the firm’s IT policies.
This violation has made Agarwal a prime suspect in the crypto security breach. Now, authorities are investigating whether he acted independently or collaborated with external threat actors.
FIR Filed; Legal Proceedings Begin
Hardeep Singh, the Vice President of Public Policy and Government Affairs at Nebilo Technologies, formally filed a complaint with Whitefield’s Cybercrime, Economic Offences, and Narcotics (CEN) Police Station. Authorities responded promptly and registered a First Information Report (FIR).
Rahul Agarwal, now in custody, faces serious charges under various sections of the Information Technology Act—namely 66, 43, 66(C), and 66(D)—as well as provisions of the Bharatiya Nyaya Sanhita (BNS) including Sections 303, 316(4), 318(4), and 319(2). Officials are also probing potential links to organized cybercrime networks.
Investigation Underway to Trace Funds
Even though blockchain offers transparency, tracing stolen cryptocurrency isn’t straightforward. Because funds can quickly move across anonymous wallets, investigators must deploy advanced forensic tools to follow the money. Nevertheless, the CEN police have expressed optimism.
They’ve initiated a deep-dive forensic audit to identify how the hacker gained access and to follow the money trail. Similar past cases, both in India and abroad, have resulted in partial or full fund recovery thanks to technological diligence and cross-border cooperation.
Crypto Security Breach Puts Spotlight on Insider Threats
This incident has once again highlighted a harsh reality: insider threats remain one of the most dangerous vectors in cybersecurity. In the world of digital assets—where every transaction can carry millions in value—even a single point of failure can have catastrophic consequences.
Across the globe, multiple crypto security breaches have been linked to internal mishandling, poor endpoint protection, or staff with insufficient training. The Nebilo case follows this trend and emphasizes the importance of implementing strict internal controls.
Authorities Call for Stronger Cyber Hygiene
As the investigation moves forward, authorities have urged other fintech and crypto platforms to act quickly. They recommend immediate upgrades to endpoint security, adopting zero-trust architecture, and ensuring every employee undergoes regular cybersecurity training.
Moreover, regulators are expected to revisit compliance standards. Given the rapid growth of digital asset platforms in India, this breach could catalyze tighter rules around system access, employee accountability, and threat detection protocols.
A Costly Reminder for Crypto Startups
With digital finance platforms increasingly targeted by cybercriminals, this case stands out as one of the largest crypto thefts in India this year. More importantly, it sends a strong signal to the fintech industry: robust cyber defenses must go beyond firewalls and encryption. Real security starts from within.
Until further details emerge, the Nebilo Technologies breach will remain a key case study in crypto security. Startups and large firms alike would do well to treat this as a warning and strengthen their defenses immediately.
