Security Bearish 7

CoinDCX Founders Arrested Amidst Massive Brand Impersonation Fraud Crisis

CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal have been arrested in Mumbai following an FIR alleging cryptocurrency fraud of Rs 71 lakh. The exchange has vehemently denied the charges, claiming the arrests are the result of a sophisticated impersonation conspiracy involving over 1,200 fraudulent websites mimicking their platform to scam investors.

· 3 min read ·
Share

Key Takeaways

  • CoinDCX co-founders Sumit Gupta and Neeraj Khandelwal have been arrested in Mumbai following an FIR alleging cryptocurrency fraud of Rs 71 lakh.
  • The exchange has vehemently denied the charges, claiming the arrests are the result of a sophisticated impersonation conspiracy involving over 1,200 fraudulent websites mimicking their platform to scam investors.

Mentioned

CoinDCX company Sumit Gupta person Neeraj Khandelwal person Mumbai Police organization Bitcoin technology

Key Intelligence

Key Facts

  1. 1Founders Sumit Gupta and Neeraj Khandelwal arrested in Mumbai following an FIR alleging Rs 71 lakh fraud.
  2. 2CoinDCX identified 1,212 fake websites mimicking its platform between April 2024 and January 2026.
  3. 3The company previously suffered a $44 million hack in 2025 involving an internal operational account.
  4. 4Fraudulent schemes utilized fake Telegram groups and WhatsApp channels to lure investors into fake staking.
  5. 5CoinDCX claims funds were transferred by victims to third-party accounts with no connection to the exchange.
#1

Bitcoin

BTC
$67,674.00-1344.79 (-1.94%)
Market Cap
$1.36T
24h Change
-1.94%
Rank
#1

Analysis

The arrest of Sumit Gupta and Neeraj Khandelwal represents a significant escalation in the regulatory and legal challenges facing the Indian cryptocurrency sector. While the First Information Report (FIR) alleges direct cheating and financial fraud, the core of the defense rests on a massive cybersecurity failure—not of the exchange itself, but of the broader digital ecosystem's ability to police brand impersonation. CoinDCX's internal investigation revealed a staggering 1,212 fake websites designed to clone their interface, a tactic increasingly used by pig butchering and high-yield investment scam syndicates to exploit the brand equity of established platforms.

This incident highlights a critical vulnerability for centralized exchanges: the trust gap created by sophisticated phishing. Scammers are not just stealing credentials; they are building entire parallel infrastructures, including fake Telegram groups and WhatsApp channels, to lure victims into transferring funds to third-party accounts. The specific allegation in this case involves a victim losing Rs 71 lakh, with funds reportedly transferred to accounts entirely unconnected to CoinDCX's official banking channels. This suggests a failure in the victim's ability to verify the platform's authenticity, but also a potential gap in law enforcement's initial assessment of the technical evidence, where the distinction between a legitimate entity and a malicious clone may have been blurred during the FIR filing process.

The timing of these arrests is particularly sensitive for CoinDCX, which is still navigating the reputational fallout from a major 2025 cyberattack that saw $44 million drained from an internal operational account.

The timing of these arrests is particularly sensitive for CoinDCX, which is still navigating the reputational fallout from a major 2025 cyberattack that saw $44 million drained from an internal operational account. That previous breach, while separate from the current fraud allegations, likely heightened regulatory scrutiny and decreased the benefit of the doubt afforded to the company by Indian authorities. For the broader industry, this case serves as a warning that founders can be held personally and legally liable for fraud committed by third parties using their brand name, especially if the legal system struggles to differentiate between a legitimate entity and a malicious clone in the early stages of an investigation.

What to Watch

From a cybersecurity perspective, this case underscores the need for proactive brand protection and domain monitoring. The fact that over 1,200 domains were able to operate between April 2024 and January 2026 suggests that current takedown mechanisms are insufficient against determined adversaries who can spin up new mirrors faster than they can be blacklisted. For investors and users, the incident reinforces the importance of using official apps and verified URLs, as the line between a legitimate exchange and a fraudulent clone has become nearly invisible to the untrained eye. The use of cash transfers to third-party accounts, as alleged in the complaint, is a classic hallmark of impersonation scams that bypass the exchange's internal AML and KYC controls entirely.

Looking forward, the resolution of this case will likely hinge on the forensic trail of the Rs 71 lakh. If CoinDCX can prove the funds never touched their ecosystem and were instead diverted to independent scam accounts, it could set a vital precedent for how impersonation fraud is handled in the Indian legal system. However, the immediate impact is a chilling effect on the Indian crypto market, as the arrest of high-profile founders over third-party scams signals a high-risk environment for digital asset entrepreneurship. Industry leaders will likely push for better domain-level security and more collaborative frameworks between exchanges and law enforcement to prevent brand hijacking from resulting in criminal charges against the victims of the impersonation themselves.

Timeline

Timeline

  1. Impersonation Campaign Begins

  2. $44M Cyberattack

  3. Monitoring Period Ends

  4. FIR and Arrests

  5. Official Denial

Cite This Page

"CoinDCX Founders Arrested Amidst Massive Brand Impersonation Fraud Crisis." Cyber Intelligence Brief, March 23, 2026. https://getcyberbrief.com/story/coindcx-founders-arrested-impersonation-fraud

How we covered this story

Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.

Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.

Sources are only linked to a story once they clear our classification pipeline at a minimum 35 percent relevance threshold. According to that methodology, reviewed July 2026, this follows multi-source corroboration standards recommended by journalism research bodies such as the Reuters Institute for the Study of Journalism.

See something wrong in this story — a wrong fact, a broken source link, a misattributed entity? Report a data issue.