Bengaluru NBFC Loses ₹47 Crore in API Cyberattack Linked to Hong Kong

From Wrench to Web: Plumber and Hackers Steal ₹47 Crore from Bengaluru NBFC in Two-Hour Cyber Blitz

The420 Correspondent

BENGALURU | October 28, 2025 — In a sensational case that has alarmed cybersecurity experts and financial regulators, a plumber educated up to the eighth grade and a digital marketing employee educated up to the tenth grade, working in tandem with Dubai-based operatives and Hong Kong hackers, allegedly pulled off a ₹47-crore cyber heist from a Bengaluru-based non-banking financial company (NBFC).

The Central Crime Branch (CCB) of Bengaluru has arrested Sanjay Patel (43), a plumber from Udaipur, Rajasthan, and Ismail Rasheed Attar (27), a digital marketing worker from Belagavi, Karnataka. Two other accused, believed to be the masterminds, remain on the run and are suspected to be hiding in Dubai.

The Two-Hour Digital Heist That Shocked Bengaluru

According to the complaint filed by a senior manager of the affected NBFC, a series of suspicious, high-value transactions was detected on August 6 and 7, 2025. The company’s internal audit revealed that 1,782 unauthorized transactions had been executed from foreign IP addresses, transferring an estimated ₹47 crore to 656 bank accounts within just two and a half hours.

Investigators were stunned by the precision and speed of the attack. The NBFC’s internal systems were not directly breached; instead, hackers reportedly exploited weaknesses in its API (Application Programming Interface) — the digital gateway connecting its backend systems to mobile and web applications.

650+ Mule Accounts and the Money Trail

The investigation revealed that the stolen funds were dispersed through a labyrinth of more than 650 mule accounts across multiple states. So far, around ₹10 crore has been frozen in various accounts linked to the network.

Patel, the plumber-turned-cyber-accomplice, received ₹27.39 lakh directly into his account, which led to his arrest on September 25. Meanwhile, over ₹5.5 crore was routed through a Hyderabad-based firm that had used IP addresses linked to Webyne Data Centre, purchased by Attar.

Hackers from Hong Kong and Servers Rented in Dubai

The CCB probe uncovered that the Dubai-based suspects had rented five high-speed servers and engaged professional hackers from Hong Kong to infiltrate the NBFC’s digital infrastructure. Using these servers, they successfully breached the company’s API authentication system and initiated the rapid fund transfers.

The cyber trail led investigators to IP addresses in Hong Kong and Lithuania, all linked to the same rented servers. These findings have been shared with central cyber agencies for deeper forensic analysis and international coordination.

Police Commissioner: “The Operation Took Just 2.5 Hours”

Speaking to the press, Bengaluru City Police Commissioner Seemant Kumar Singh said:

“The hackers managed to transfer ₹47 crore within two and a half hours by breaching the company’s digital lending app, which offered microloans of up to ₹5 lakh. The precision and planning indicate the involvement of an international syndicate.”

The Commissioner confirmed that an FIR has been registered under relevant sections of the Information Technology Act and the Bharatiya Nyaya Sanhita (BNS).

Expert’s Take — “API Attacks Are the New Frontier of Cybercrime”

Renowned cybercrime expert and former IPS officer Prof. Triveni Singh called the incident a wake-up call for India’s financial technology ecosystem.

“This case reveals how cybercriminals are shifting focus from user-level phishing to API-level exploitation,” Prof. Singh explained. “APIs are the backbone of fintech operations, but they are often poorly monitored. Financial institutions must implement zero-trust architecture, conduct real-time anomaly detection, and perform frequent API security audits.”

He added that such crimes now form part of a larger global cyber-syndicate model, blending local operatives with sophisticated foreign hackers.

The CCB has requested assistance from Interpol and India’s Cyber Crime Coordination Centre (I4C) to track down the Dubai-based suspects. Efforts are also underway to trace the movement of funds through foreign banking channels.

Police are examining whether similar methods were used to target other fintech firms in India. Investigators believe this operation may have served as a “test run” for a larger, coordinated cyber attack network.

The Bigger Picture — Low-Tech Minds, High-Tech Crime

This case underscores a growing pattern in India’s cybercrime landscape: the convergence of low-tech criminals with high-tech global hackers. Experts warn that as fintech platforms expand their digital footprint, the combination of unsecured APIs, outsourced IT operations, and cross-border collaboration could open new frontiers for financial crime.

Prof. Singh summarized it best:

“Cybercrime has evolved from individual scams to organized ecosystems. A plumber from Udaipur and hackers in Hong Kong working on the same mission — that’s the new face of digital fraud.”
