Mumbai: A shocking case of cyber fraud has surfaced from Mumbai's Prabhadevi area, where an unknown hacker breached Aditya Birla Capital Digital Limited's ABCD app, made technical changes, and sold digital gold worth approximately ₹1.95 crore from the accounts of 435 customers. The proceeds were then transferred into various personal bank accounts by the fraudster.
The incident came to light when several affected customers began calling the company’s call center, reporting that their purchased digital gold had been sold without their consent. Following the revelations, the company filed an FIR with the Central Region Cyber Police in Mumbai. The cyber cell has launched a full-scale investigation.
According to information from the Cyber Cell, the complaint was lodged by Ravindra Rajmal Chaudhary (36), Head of Fraud Risk Management at Aditya Birla Capital Digital Limited. The company buys and sells digital gold through MMTC-PAMP, a government-authorized entity. All transactions are processed via Razorpay and facilitated through the company’s mobile application “ABCD,” which offers various financial services including digital gold, silver, UPI, mutual funds, and insurance.
As per the complaint, on June 9, the company’s technical team discovered that an unidentified individual had hacked into the application programming interface (API) between the ABCD app and the company’s server at digital.adityabirlacapital.com. The hacker manipulated the app’s normal transaction protocols and successfully sold digital gold from the accounts of 435 users—bypassing the mandatory OTP (one-time password) verification process.
The fraud came to light when multiple users began contacting the company’s call center, claiming their digital gold had been sold without authorization. Upon internal review, the technology team suspended the digital gold selling feature.
A subsequent investigation by the information security team confirmed that on June 9, digital gold belonging to 435 customers had indeed been illicitly sold. The company submitted a list of affected users along with detailed logs to the Cyber Cell, which has now begun a detailed technical investigation into the breach. Further action is underway.
