Banking Software Vulnerability Exploited in Major Rs 7.34 Crore Cyberfraud
A critical security flaw in banking software has been exploited to orchestrate a massive cyberfraud amounting to Rs 7.34 crore at the Bhavnagar District Co-operative Bank in Gujarat. The Criminal Investigation Department's Cyber Centre of Excellence has arrested four individuals in connection with this sophisticated financial crime, highlighting growing threats to India's banking infrastructure.
Arrests and Investigation Details
The accused have been identified as Adnan Sheikh (24) from Fatewadi, Ahmedabad, Rubina Sheikh (31) from Vasna, Ahmedabad, Sushilkumar Meghwal (32) from Rakhial, Ahmedabad, and Kishor Pardeshi (43), a home guard jawan from Mulund West in Mumbai. Their arrests followed a hacking complaint registered in 2026 at the Cyber Centre of Excellence regarding the Bhavnagar bank's system.
During the investigation, police discovered that the group allegedly exploited a vulnerability in the bank's core banking service software to create fake balances and divert funds. This software flaw is reported to have affected approximately 14 to 15 banks across the country, raising concerns about widespread security risks.
Modus Operandi and Network Uncovered
The cybercriminals targeted four dormant accounts within the Bhavnagar bank, changing the registered mobile numbers to ones under their control. They then generated a virtual balance of Rs 7.35 crore, which closely matched the actual fraud amount detected. The stolen money was transferred into 135 different bank accounts to avoid detection and facilitate dispersion.
Analysis of the suspects' mobile phones revealed details of 42 additional bank accounts linked to the operation. Investigators also found that the accused allegedly rented bank accounts from individuals by offering monetary incentives, using these accounts to move the fraud proceeds.
Multi-State Cybercrime Connections
Further checks on the national cybercrime portal indicate that the accused are allegedly connected to over 15 cybercrime cases across India, involving an estimated Rs 4 crore. These cases span multiple states including Karnataka (five cases), Gujarat, Uttar Pradesh and Haryana (two cases each), and Andhra Pradesh, Tamil Nadu, Punjab and Maharashtra (one case each).
Investigators believe the trail points to a larger, organized multi-state cybercrime network operating across India. The discovery of these connections suggests a sophisticated criminal enterprise targeting financial institutions nationwide.
Recovery Efforts and Public Warning
Authorities have successfully frozen Rs 2.04 crore of the total amount stolen, representing significant progress in recovering the fraudulently obtained funds. Police have issued a stern warning to the public against renting out bank accounts, ATM cards, cheque books or SIM cards to unknown individuals.
Officials urge victims of cyberfraud to report incidents immediately via helpline 1930, preferably within the first hour of detection, to maximize chances of recovery. This case underscores the importance of prompt reporting and cooperation with law enforcement agencies in combating financial cybercrime.
The investigation continues as authorities work to uncover the full extent of the cybercrime network and identify additional individuals involved in these fraudulent activities. Banking institutions are advised to review their software security measures to prevent similar vulnerabilities from being exploited in the future.
