VPNs, mule accounts and Telegram: How Bengaluru firm was scammed of ₹49 crore in just 2 hours

The Cyber Crime Police have uncovered a massive ₹49-crore digital fraud that targeted Whizdm Finance, a private non-banking financial company in Bengaluru. Two people have been arrested in connection with the case, and investigators have managed to recover ₹10 crore, which has since been returned to the firm.

The digital crime took place during the night of August 6 and 7, when hackers infiltrated Whizdm Finance’s digital systems and drained crores of rupees through hundreds of rapid transactions. The company discovered the breach two days later during a manual audit and filed a complaint on August 9, according to a report by Times of India (TOI).

Also read| Bengaluru’s Namma Metro phase 3A: Underground stations shortened by 40 metres after ₹2,920-crore budget cut

A team led by Deputy Commissioner of Police (Crime–2) Raja Imam Kasim P quickly began the investigation. The arrested suspects have been identified as Sanjay Patel (43) from Udaipur, Rajasthan, and Ismail Rasheed Attar (27) from Belagavi. Police said the duo set up a virtual private network (VPN) and opened multiple mule bank accounts to facilitate the illegal transfers.

The operation was directed by two masterminds based in Dubai, who are still absconding. The duo reportedly hired hackers from Hong Kong to breach Whizdm’s digital systems.

Also read| Karnataka high court quashes rape case against man who met woman on Bumble dating app

Police Commissioner Seemant Kumar Singh told TOI, that the hackers transferred ₹49 crore into 656 accounts through 1,782 transactions in just two hours, calling it a “professionally executed international fraud.”

Further investigation showed that Whizdm Finance, which issues small personal loans up to ₹lakh, was chosen deliberately because of its transaction model. The hackers exploited the company’s Application Programming Interface (API), the link between its app and bank systems, using rented servers and VPNs to mimic legitimate loan disbursements.

Patel allegedly opened over 650 mule accounts to channel the stolen money, while Attar helped coordinate with the Dubai-based masterminds.

Reportedly, the fraudsters used Telegram for encrypted communication and employed servers based in Hong Kong and Lithuania to mask their digital trail.