Cyber Attack Steals ₹2.34 Crore from a Bank in Karnataka via RTGS/NEFT Vulnerability

Cybercriminals have successfully targeted a vulnerability in the RTGS/NEFT transaction system of a cooperative bank in Vijayanagara, Karnataka, siphoning off ₹2.34 crore. The scam was uncovered after customers of Ballari District Co-operative Central (BDCC) Bank reported discrepancies in their account transactions, with no funds being credited.

Authorities revealed that hackers exploited the bank’s system by altering account numbers and IFSC codes in XML files during a regular transfer from BDCC Bank to IDBI Bank on January 10, 2025. Although the names of the beneficiaries remained unchanged, the stolen funds were redirected to 25 different accounts located across northern states of India.

The fraudulent activity was discovered on January 13, 2025, when customers from various branches flagged the issue of unprocessed transfers from January 10 onwards. Further investigations showed that transactions exceeding ₹5 lakh were diverted to unauthorized accounts.

In response, BDCC Bank promptly suspended its RTGS/NEFT services and lodged a formal complaint at the Hosapete Town Police Station. The case was subsequently handed over to the Ballari CEN (Cyber Economic Narcotics) Police Station, where an FIR was filed under applicable sections of the Information Technology Act and the Bharat Nyay Samhita related to fraud and computer-based crimes.

Read also:

• Biden’s 100% Tariffs on Chinese EVs Could Defy the Trend
• NPCI Alerts of Temporary Payment System Disruption