In a serious cybercrime incident, hackers successfully stole Rs 2.34 crore from the Ballari District Co-operative Central (BDCC) Bank in Karnataka, diverting funds to 25 fake accounts. The breach, which exploited the bank’s RTGS/NEFT transaction system, was discovered after customers reported issues with their transactions.
In Short
The fraud was uncovered shortly after the manipulation occurred, on January 13, 2025.
BDCC Bank suspended its RTGS/NEFT services and filed a police complaint.
Detailed Breakdown
How the Fraud Unfolded
On January 10, 2025, during a routine fund transfer from BDCC Bank to IDBI Bank, hackers targeted the bank’s RTGS/NEFT transaction system. They manipulated XML files, altering account numbers and IFSC codes while keeping beneficiary names unchanged. This manipulation allowed them to divert Rs 2.34 crore to 25 accounts located in various northern states, bypassing the intended recipients.
Discovery of the Breach
The fraudulent activity came to light on January 13, 2025, when multiple branches reported that customer funds were not being credited correctly. Investigations revealed that transactions exceeding Rs 5 lakh had been redirected to unauthorized accounts, prompting immediate action from the bank.
Immediate Action Taken
In response to the discovery, BDCC Bank took swift measures by suspending its RTGS/NEFT services to prevent further losses. They also filed a complaint at the Hosapete Town Police Station, which has since been escalated to the Ballari CEN (Cyber Economic Narcotics) Police Station for a more thorough investigation.
Legal Proceedings
The police have registered a First Information Report (FIR) under pertinent sections of the Information Technology Act and the Bharat Nyay Sanhita. This legal action addresses serious charges of fraud, cheating, and misuse of computer systems, highlighting the severity of the cybercrime.
Ongoing Investigation
Authorities are actively investigating the incident, focusing on tracing the 25 beneficiary accounts that received the diverted funds. This case underscores the vulnerabilities present in financial transaction systems and the escalating threat of cybercrime within India’s banking sector.
Important Details & Evidence
- The hackers executed the fraud by altering XML files during a routine transaction.
- The breach was significant enough to divert a large sum of Rs 2.34 crore.
- The bank’s immediate suspension of RTGS/NEFT services indicates the seriousness of the threat.
- The FIR filed encompasses serious legal implications for the perpetrators, showcasing the bank’s commitment to legal recourse.
Final Takeaways
This incident serves as a stark reminder of the vulnerabilities in the banking sector’s transaction systems and the growing sophistication of cybercriminals. The BDCC Bank is taking proactive steps to recover the stolen funds and enhance its cybersecurity measures. Customers are being assured of ongoing efforts to prevent future breaches, emphasizing the importance of robust security protocols in financial institutions. As cyber threats continue to evolve, it is crucial for banks to remain vigilant and adaptive to protect their customers and their assets.
