Mumbai Cyber Heist: ₹1.95 Crore Digital Gold Stolen from Aditya Birla Capital’s ABCD App

Jun 26, 2025

A dramatic cyber-fraud episode has emerged in Mumbai’s Prabhadevi locality, where a malicious actor exploited a technical flaw in Aditya Birla Capital Digital Limited’s (ABCD) mobile application to illicitly sell ₹1.95 crore worth of digital gold from 435 customer accounts.

What Happened?

Incident Details

Impact

₹1.95 cr sold & digital gold drained

435 users affected, but no net financial loss as holdings were restored

Breached via compromised API & OTP bypass

Indicates backend and authentication vulnerabilities

FIR lodged, patch applied, collaboration with Cyber Police & CERT‑In underway

Ongoing investigation and reinforcement of systems

  • Breach details: On June 9, 2025, ABCD’s security team detected unauthorized activity when customers began reporting that their digital gold had been sold without consent—and they hadn’t received any money.

  • Attack vector: The attacker gained access via a compromised API between ABCD’s servers and its mobile app, bypassing OTP protections designed to authenticate gold-sale transactions.

  • Scale of impact: The perpetrator executed unauthorized digital gold sales from 435 users, moving proceeds into multiple personal bank accounts.

Response & Recovery

  • Immediate intervention: ABCD promptly suspended the digital gold selling feature within the app to prevent further unauthorized trades.

  • Regulatory action: A First Information Report (FIR) was filed with the Central Region Cyber Police in Mumbai. The complaint was lodged by Ravindra Rajmal Chaudhary, Head of Fraud Risk Management at ABCD.

  • Remediation measures:

    • The technical flaw—rooted in the API—has been identified and rectified, restoring the security of the digital gold module.

    • All affected customer holdings have been fully reinstated, ensuring no financial losses.

Investigation & Future Protections

  • ABCD is collaborating closely with Mumbai Cyber Police, CERT‑In, and its cyber-insurance partners to deepen the investigation and trace the perpetrators.

  • The company has also reinforced its platform’s protection, enhancing API security, enforcing stricter OTP checks, and intensifying monitoring post-breach.

Industry & Regulatory Insight

This incident highlights a growing vulnerability in the fintech sector—especially within digital-asset services. The breach:

  • Bypassed OTP controls—a fundamental authentication step.

  • Exposed API weaknesses, suggesting deeper security lapses in backend infrastructure.

  • Compromised a large user base (435 accounts), underscoring the potential scale and impact of such attacks.

Key takeaways for the wider BFSI industry:

  1. Enforce zero-trust architecture and rigorous API security auditing.

  2. Implement dynamic, multi-factor authentication, not solely OTP-based systems.

  3. Use real-time anomaly detection to monitor for unauthorized bulk transactions.

Final Word

While ABCD’s swift reaction—disabling sales, patching the bug, restoring holdings, and working with authorities—is commendable, this breach serves as a cautionary tale. It underscores the critical importance of proactive defenses in fintech environments handling digital assets.

Until the attackers are apprehended and further safeguards are validated, users and regulators alike must remain vigilant. The incident is being monitored closely by India's cybersecurity community and financial watchdogs.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Jul 6, 2026

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Jun 26, 2026

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Jun 23, 2026

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Jun 17, 2026

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Jun 10, 2026

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

Jun 3, 2026

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.