In a significant breakthrough in the ₹1.72 crore cyber fraud involving the Asian Paints Masterstroke Reward App, the Dausa Cyber Police have arrested another accused, taking the total number of arrests in the case to five. The accused allegedly exploited a technical vulnerability in the company’s reward application to fraudulently obtain reward benefits without purchasing any products.
According to investigators, the case was registered after Asian Paints Limited filed a complaint on August 11, 2025, alleging that unidentified individuals had manipulated the Masterstroke Reward Program by exploiting a flaw in the system. The accused allegedly generated fake QR codes using a trial-and-error method and redeemed reward points, causing the company a financial loss of ₹1,72,86,297.
Following the complaint, the cyber police registered a case under relevant legal provisions and launched a detailed investigation. Acting on technical and digital evidence, the investigation team arrested Sonu Saini (23), a resident of Kala Kakra Wali Dhani in Lalsot. He is the fifth person arrested in connection with the case.
Earlier, police had arrested Anil Kumar Saini, Vishnu Kumar Saini, Riku Saini, and Rahul Saini, all of whom have since been remanded to judicial custody. Investigators are now questioning Sonu Saini to identify other members of the alleged cyber fraud syndicate and uncover the full extent of the network.
According to the investigation, the accused did not purchase genuine Asian Paints products. Instead, they allegedly exploited a weakness in the application’s reward verification process to create fraudulent QR codes, enabling them to claim reward points and benefits that were intended only for legitimate customers and dealers.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Cyber security experts say such incidents highlight the importance of secure application development and regular vulnerability assessments. Weak validation mechanisms, insecure QR code generation, or flaws in reward redemption systems can be exploited by cyber criminals if they are not identified and patched in time.
Renowned cyber crime expert and former IPS officer Prof. Triveni Singh said that cyber criminals are increasingly targeting digital loyalty and reward platforms because they often involve financial incentives and high transaction volumes. He emphasized that companies should implement robust authentication mechanisms, continuous security audits, and real-time fraud monitoring to detect suspicious activities before substantial losses occur.
The Future Crime Research Foundation has also noted that cyber fraud targeting corporate reward programs is becoming more sophisticated. The organization recommends regular penetration testing, secure QR code validation, multi-factor verification, and AI-driven fraud detection systems to minimize the risk of abuse.
The investigation remains ongoing, and authorities believe additional arrests may follow as digital evidence is examined and the wider network is traced. Police are also analyzing the technical methods allegedly used to exploit the reward application and determine whether similar attacks were carried out against other digital platforms.
