Sign in

6 held as e-wallet security glitch drains ₹40 cr; SIT probe on

The breach allowed users to transact “any desired amount even if it was unavailable in the wallet,” according to police. 

Published on: Sep 17, 2025, 05:26:06 IST
Share
Share via
  • facebook
  • twitter
  • linkedin
  • whatsapp
Copy link
  • copy link

At least 2,500 bank accounts across the country have been frozen after a software security breach at an e-wallet firm allowed users to transfer money without balance, leading to the syphoning of at least 40.22 crore, Gurugram police said on Tuesday.

With help from banks, transactions in 2,500–3,000 accounts were put on hold, and  ₹8 crore lying in them was frozen.
With help from banks, transactions in 2,500–3,000 accounts were put on hold, and ₹8 crore lying in them was frozen.

Officials said a process is underway to form a special investigation team (SIT) to probe the large-scale fraud in which the firm suffered a hefty financial loss. The breach allowed users to transact “any desired amount even if it was unavailable in the wallet,” according to police.

Police in Gurugram, Nuh and Palwal have issued advisories warning people not to exploit the loophole, cautioning that doing so would invite legal action. Six men were arrested from Palwal and Nuh on Monday after it emerged that they had transferred 2.5 crore into their accounts by exploiting the bug.

The suspects were identified as Mohammad Shakil of Uttawar (Palwal), Mohammad Rehan of Rewasan, Waqar Yunus, Mohammad Amir, and Mohammad Ansar of Kameda, and Wasim Akram of Madoda, all in Nuh. They were remanded to judicial custody on Tuesday. An FIR was registered under sections 314 (Dishonest misappropriation of property) and 318(4) (Cheating and dishonestly inducing delivery of property) of Bharatiya Nyaya Sanhita (BNS).

Priyanshi Dewan, ACP (cybercrime), said the firm detected the breach on Friday and lodged a written complaint the following day, leading to the registration of a cheating case at Sector 53 police station. “Due to the breach in their software, a user was able to transfer any amount into a bank account from the e-wallet even if it didn’t have any balance,” Dewan said.

As per police, for every false transaction, the money was getting deducted from the main account of the firm linked to the dashboard for maintaining the e-wallets. In a secured transaction, the amount is deducted from the payee’s e-wallet or bank account.

With help from banks, transactions in 2,500–3,000 accounts were put on hold, and 8 crore lying in them was frozen. According to Dewan, the breach was so severe that even incorrect PINs or failed transactions resulted in money being credited to receivers’ accounts, while no deduction took place from the sender’s account. The losses were borne by the company’s account used to run 2.5 lakh wallets across the country.

Police and company officials are investigating whether the breach was caused by a cyberattack, internal sabotage, or a technical glitch. Though the firm has reported losses of 40.22 crore so far, investigators said the amount may rise as the probe continues.

Catch every big hit, every wicket with Crickit, a one stop destination for Live Scores, Match Stats, Infographics & much more. Explore now!.

Stay updated with all the Breaking News and Latest News from Mumbai. Click here for comprehensive coverage of top Cities including Bengaluru, Delhi, Hyderabad, and more across India along with Stay informed on the latest happenings in World News.