₹47 Crore Mega Scam: How a Plumber and a 10th Pass Man Helped Hackers Loot a Bengaluru Finance Firm

Published on: 28-10-2025

Cybercrime and Arrests: Reports on the bust of a Rs 47-crore cybercrime involving Hong Kong hackers and Dubai-based Indians by Bengaluru police

Bengaluru, India: In a shocking case that has put a spotlight on the global reach of cybercrime, the Bengaluru Central Crime Branch (CCB) has cracked a massive financial fraud, arresting two Indian men who were key players in an international network that siphoned off nearly ₹47 crore from a Bengaluru-based Non-Banking Financial Company (NBFC).

The investigation has revealed a complex operation where a plumber from Rajasthan and a man who studied up to Class 10 were used by a mastermind group operating from Dubai and professional hackers based in Hong Kong to carry out the sophisticated heist. The sheer scale and speed of the theft—nearly ₹47 crore drained in just about two-and-a-half to three hours—has sent a strong warning to all Indian finance companies about the security risks they face.

The Heist: What Happened to the NBFC?

The fraud targeted Whizdm Finance Private Limited, the company that runs the popular instant loan app, Moneyview. The case began when the company’s senior management noticed multiple unauthorised and suspicious transactions in their bank accounts on August 7, 2025.

The Timeline of the Crime:

  • August 6-7, 2025: Between midnight and early morning, hackers executed a chilling spree of transactions, emptying the company’s bank accounts.
  • Total Loss: The initial estimate of the loss was ₹47 crore, which was later found to be closer to ₹49 crore across different accounts.
  • Modus Operandi: An internal probe by the NBFC quickly showed that the transactions were not made from the company’s official systems or registered internet addresses (IP addresses). Instead, they came from foreign IP addresses, confirming a high-level security breach.

According to Police Commissioner, Bengaluru, Seemant Kumar Singh, a staggering 1,782 fraudulent transactions were made, distributing the stolen money across an incredible 656 different bank accounts nationwide. This huge number of accounts, known as ‘mule accounts,’ was the main way the criminals tried to hide their digital trail.
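The two signals reported above, payouts requested from outside the company's registered IP addresses and money fanning out to hundreds of accounts within hours, are both checkable before a payout is released. The following sketch is an added example, not code from the NBFC or the police investigation; the log format, the registered network range, the thresholds and all account names are assumptions made up for illustration, and the log is assumed to be in time order.

```python
from collections import deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (hypothetical, not taken from the article).
REGISTERED_NETS = [ip_network("203.0.113.0/24")]  # stand-in for the firm's registered IPs
WINDOW = timedelta(minutes=10)                     # look-back for first-time beneficiaries
MAX_NEW_BENEFICIARIES = 3                          # first-time payees tolerated per window

# Constructed sample log: timestamp, source IP, beneficiary account, amount in INR.
SAMPLE_LOG = """\
2025-08-06T14:02:11 203.0.113.10 ACC-0001 25000
2025-08-06T14:30:40 203.0.113.11 ACC-0002 40000
2025-08-07T00:05:01 198.51.100.7 ACC-9001 150000
2025-08-07T00:05:09 198.51.100.7 ACC-9002 150000
2025-08-07T00:05:15 192.0.2.44 ACC-9003 150000
2025-08-07T00:05:22 192.0.2.44 ACC-9004 150000
2025-08-07T00:05:30 203.0.113.10 ACC-9005 150000
"""

def parse(line):
    ts, src, acct, amount = line.split()
    return datetime.fromisoformat(ts), ip_address(src), acct, int(amount)

def review(log_text, known_beneficiaries=()):
    """Return (timestamp, account, reasons) for every payout that should be held."""
    seen = set(known_beneficiaries)
    recent_new = deque()  # times of payouts to accounts never paid before
    held = []
    for line in log_text.strip().splitlines():
        ts, src, acct, _amount = parse(line)
        reasons = []
        # Rule 1: request did not come from a registered network.
        if not any(src in net for net in REGISTERED_NETS):
            reasons.append("unregistered_source_ip")
        # Rule 2: too many first-time beneficiaries inside the window.
        if acct not in seen:
            seen.add(acct)
            recent_new.append(ts)
        while recent_new and ts - recent_new[0] > WINDOW:
            recent_new.popleft()
        if len(recent_new) > MAX_NEW_BENEFICIARIES:
            reasons.append("beneficiary_fan_out")
        if reasons:
            held.append((ts.isoformat(), acct, reasons))
    return held

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(row)
```

The last sample line comes from a registered address and is still held, because the fan-out rule does not depend on the source IP.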

The Network: Dubai Mastermind to Indian Mules

The Bengaluru CCB investigation managed to trace the entire chain of the cyber-attack, revealing a clear structure that shows how global criminals exploit local vulnerabilities.

1. The Brains (Dubai and Hong Kong)

The investigation revealed that the entire operation was coordinated by Indian-origin men based in Dubai. This Dubai-based team acted as the ‘managers’ of the operation.

  • They contacted and paid professional Hong Kong-based hackers to find a weakness in the NBFC’s system.
  • The hackers successfully breached the company’s API system (Application Programming Interface)—the digital door that allows the loan app to talk to the bank. By exploiting a vulnerability in the API, the hackers managed to bypass security software and make it look like thousands of genuine instant loan requests were coming in. The funds, instead of going to genuine users, were diverted to the mule accounts.
  • To hide their tracks, the hackers used IP addresses that originated from countries like Hong Kong and Lithuania.

2. The Middleman (The 10th Pass Digital Marketer)

The police arrested Ismail Rasheed Attar (27) from Belagavi, a man who had only cleared the 10th grade (SSLC) but worked as a digital marketer and online freelancer.

  • The Dubai-based bosses reached out to Attar on the social media platform Telegram.
  • Attar’s job was to buy Virtual Private Servers (VPS) from a server hosting service provider like Webyne Data Centre. These servers cost about ₹1,500 each, but Attar rented them out to the Dubai team for a small profit, about ₹2,500.
  • These servers were then used by the Hong Kong hackers to launch the attack, using the rented IPs to shield their true location. Attar effectively provided the digital launchpad for the ₹47 crore heist.

3. The End of the Chain (The Plumber and the Mule Accounts)

The second key arrest was Sanjay Patel (43), a plumber from Udaipur, Rajasthan. He was the owner of one of the 656 ‘mule accounts’ used in the fraud.

  • Patel’s State Bank of India (SBI) account alone received a large sum of ₹27.39 lakh directly from the stolen funds.
  • ‘Mule accounts’ are bank accounts owned by individuals who are paid a small commission to let criminals use their account for receiving and quickly withdrawing illegally obtained money. This step is crucial for the scamsters to quickly convert the digital stolen money into hard cash, making it incredibly hard for police to trace.

The police have successfully frozen about ₹10 crore in these mule accounts and are currently working with international agencies to find and arrest the main suspects in Dubai and Hong Kong.

Expert View and Police Statement

This case clearly highlights how highly skilled international hackers are teaming up with local individuals who, despite their lack of education, are aware of digital tools and money-laundering methods.

Police Commissioner, Bengaluru, Seemant Kumar Singh: “This investigation clearly shows that criminals today operate across borders. We have successfully arrested the ground-level operators who provided the tools and the mule accounts. The two main accused in Dubai are Indian-origin, and we have shared their details with international partners. We want to send a strong message: No matter how complex the digital trail, our Cyber Crime Branch will follow every rupee. We have recovered ₹10 crore and are determined to recover the rest.”

Abhishek Bhatt, Cyber Security Expert: “The API breach in a major finance app like Moneyview is a serious concern. It shows that even companies with high security must constantly audit their API keys—the connection point between their data and the bank. For the common Indian citizen, this should be a massive warning: Never rent out your bank account or allow anyone to use your KYC documents for small commissions. These ‘mule account’ holders are as guilty as the hackers and will face severe legal action.”

Protect Your Money: Simple Tips to Avoid Cyber Scams

The ₹47 crore scam is a stark reminder of the rising threat of cybercrime in India. Here are simple steps you can take to protect yourself and your family:

  1. Never Share Bank Details: Never give your bank account number, debit card PIN, OTP, or CVV to anyone, even if they claim to be from the bank, police, or a government agency.
  2. Beware of “Easy Money”: Be extremely careful about online offers that promise huge, quick money for little work, like receiving money into your account and transferring it out for a small fee. This is the definition of a ‘mule account’ and is illegal.
  3. Check the Link: Before clicking any link in an SMS, WhatsApp message, or email, check the sender’s ID and the link address very carefully. When in doubt, call the official number of the company/bank.
  4. Keep Software Updated: Make sure your mobile phone, computer, and all apps are always updated. Software updates often include new security fixes.
  5. Report Immediately: If you or someone you know has been scammed, immediately call the Cyber Crime Helpline (1930) and report the fraud on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in).

FAQs: The ₹47 Crore Cyber Heist Explained

Q1. What exactly is the ‘API Breach’ used in this scam?

A: API stands for Application Programming Interface. Think of it as a waiter in a restaurant who takes your order (a request) to the kitchen (the server/bank) and brings back your food (the data/money). In this scam, the hackers found a weakness in the ‘waiter’ (the NBFC’s API). They were able to send thousands of fake ‘loan requests’ (orders) to the NBFC’s system. Because the requests looked legitimate, the system approved them and sent the money to the hackers’ chosen accounts (the mule accounts) before the company’s own security systems could detect the fraud.

Q2. Who are the ‘Mule Account’ holders and what is their crime?

A: A ‘mule account’ holder is a person who lets criminals use their personal bank account to receive and transfer stolen money. People like the arrested plumber, Sanjay Patel, are often offered a small commission (maybe 5% to 10% of the money) to participate. Their crime is that they are actively involved in money laundering, which is a serious criminal offence. They provide the final step for the hackers to convert digital stolen funds into real cash. The police treat these individuals as co-conspirators in the crime, not just victims, and they can face jail time and heavy fines.

Q3. How much of the stolen money has been recovered so far?

A: The Bengaluru police have been highly successful in quickly tracing the flow of money and have managed to freeze about ₹10 crore that was still parked in some of the mule accounts. They are now working with Interpol and other international law enforcement agencies to track the rest of the money and bring the Dubai-based Indian masterminds and the Hong Kong hackers to justice. The recovery process for such international scams is often long and complicated, but the initial recovery is a major breakthrough.

Q4. Is my money in my bank account safe from such API breaches?

A: A typical personal bank account is usually very safe and protected by many layers of security like OTP, PIN, and password, which the bank itself controls. The API breach in this case did not target your personal bank account. It targeted the high-volume transfer systems of a Finance Company (NBFC) that handles huge amounts of money daily for instant loans. However, the biggest threat to your personal money remains social engineering scams (like calls or messages asking for OTPs) and phishing. Always keep your banking apps and phone security updated.
