Hacker Breaches Aditya Birla Capital App, Steals ₹1.95 Crore in Digital Gold

              A shocking incident of cyber fraud has emerged from Mumbai's Prabhadevi area, where an unidentified hacker infiltrated the Aditya Birla Capital Digital Limited's ABCD app. The hacker made unauthorized technical modifications and sold digital gold worth approximately ₹1.95 crore from the accounts of 435 customers, transferring the proceeds into various personal bank accounts.

The fraud was uncovered when several affected customers contacted the company's call center, reporting that their purchased digital gold had been sold without their consent. In response, Aditya Birla Capital filed a First Information Report (FIR) with the Central Region Cyber Police in Mumbai, prompting a comprehensive investigation by the cyber cell.

Hacker Breaches Aditya Birla Capital App, Steals ₹1.95 Crore in Digital GoldHacker Breaches Aditya Birla Capital App, Steals ₹1.95 Crore in Digital Gold

       According to the Cyber Cell, the complaint was lodged by Ravindra Rajmal Chaudhary, the Head of Fraud Risk Management at Aditya Birla Capital Digital Limited. The company facilitates the buying and selling of digital gold through MMTC-PAMP, a government-authorized entity, with all transactions processed via Razorpay through the ABCD mobile application, which offers various financial services, including digital gold, silver, UPI, mutual funds, and insurance.

On June 9, the company's technical team discovered that an unidentified individual had hacked into the application programming interface (API) connecting the ABCD app to the company's server at digital.adityabirlacapital.com. The hacker manipulated the app's transaction protocols, successfully selling digital gold from 435 user accounts while bypassing the mandatory one-time password (OTP) verification process.

Hacker Breaches Aditya Birla Capital App, Steals ₹1.95 Crore in Digital GoldHacker Breaches Aditya Birla Capital App, Steals ₹1.95 Crore in Digital Gold

      The fraud was brought to light when multiple users reported unauthorized sales of their digital gold. Following an internal review, the technology team suspended the digital gold selling feature. An investigation by the information security team confirmed that on June 9, digital gold belonging to 435 customers had been illicitly sold. The company has provided a list of affected users and detailed logs to the Cyber Cell, which is now conducting a thorough technical investigation into the breach. Further actions are underway.