Aditya Birla Capital Digital (ABCD) App Breach: ₹1.95 Cr of Digital Gold Illegally Sold—Flaw Patched, Investigation Underway

#AdityaBirlaCapitalDigital #ABCDAppBreach  #ABCDDigitalGoldSold #ABCDAppFlaw 

Mumbai: In a disturbing cyber-attack reported from Mumbai’s Prabhadevi area, an unidentified hacker infiltrated the Aditya Birla Capital Digital Limited (ABCD) mobile app and illicitly sold digital gold worth approximately ₹1.95 crore from the accounts of 435 customers, according to official company statements.

How the Breach Came to Light

The fraud surfaced in early June 2025 following a rash of customer complaints. Users discovered unauthorized sales of their digital gold holdings and reached out to the ABCD support helpline. Many customers also voiced concerns on social media, drawing attention to the breach.

Alarmed by the scale of the incident, ABCD lodged a First Information Report (FIR) with Mumbai’s Central Region Cyber Police. Immediate response efforts were launched to freeze compromised bank accounts tied to the fraudulent transactions and to restore customer assets.

Immediate Recovery & Technical Remediation

Company officials confirmed that all affected holdings have been restored. They reported that the technical loophole exploited by the attacker has been closed, and fresh restrictive controls have been put in place. Among the immediate steps taken:

• Freezing fund transfers from the app to personal bank accounts flagged in the fraud.

• Enhanced controls on transaction limits and two-factor authentication.

• Remediation of the vulnerability in the ABCD platform that initially allowed the unauthorized trades.

ABCD assured users that its digital gold investment service remains fully operational and secure.

Wider Measures Taken

Aditya Birla Capital Digital has initiated a comprehensive response:

• Collaborating closely with its cyber insurance partners to evaluate financial exposure.

• Engaging law enforcement and CERT-In (Indian Computer Emergency Response Team) to trace the attacker and gather forensic evidence.

• Implementing enhanced monitoring tools to flag suspicious user patterns and transactions.

• Conducting third-party audits to verify the effectiveness of the new security measures.

Digital Gold as a Growing Investment Trend

ABCD is among a growing number of financial services firms in India to offer digital gold-backed investment options. On May 7, 2025, the company launched a Digital Gold SIP (Systematic Investment Plan) feature on the ABCD app, allowing regular weekly or monthly investments starting from ₹50 weekly or ₹100 monthly. Physical 24K bullion is held securely by MMTC-PAMP in insured vaults, with digital tokens representing users’ holdings reddit.com+1devdiscourse.com+1reddit.com.

Though designed for convenience and secured storage, this model—holding tokenized, digitally accessible gold—can still be vulnerable to cyber-attacks if the underlying platform has security gaps.

Incident in the Context of Rising Cyber Fraud

India has seen an alarming spike in cyber investment scams in recent years. According to a November 2024 report cited on Reddit, India’s 12 lakh cyber-fraud cases led to losses amounting to a staggering ₹11,333 crore. Notably:

• ₹4,636 crore were lost in stock trading fraud.

• ₹3,216 crore in investment scams.

• ₹1,616 crore through “digital arrest” fraud schemes hornbilltv.com+5reddit.com+5reddit.com+5.

Such scams often originate from Southeast Asia-based networks using sophisticated tools like rogue apps, fake customer support, and spoofed credentials—tactics seen paralleled in major cases across India.

One prominent recent example occurred in May 2025, when Delhi Cyber Police dismantled a ring that impersonated Aditya Birla Capital via fake trading apps, scamming investors of around ₹48 lakh. The ringleader, 29‑year‑old Jitendra Sharma, used shell companies and dormant bank accounts. Evidence including digital footprints, KYC forms, devices, and ₹80,000 in cash were recovered devdiscourse.com+2news.webindia123.com+2hornbilltv.com+2.

Victims in other regions have reported losses of ₹52 lakh in Noida and ₹90 lakh in Kochi from fake apps impersonating legitimate financial firms—including variations of Aditya Birla’s branding scribd.com+15newindianexpress.com+15timesofindia.indiatimes.com+15.

What This Means for Users

For anyone invested via digital platforms, this breach highlights several critical takeaways:

1. Stay alert to unusual activity: Check holdings and transaction records frequently.

2. Verify app legitimacy: Invest only through official apps downloaded from trusted app stores (Google/Apple). Avoid unknown download links.

3. Enhance account security: Enable two-factor authentication; use strong, unique passwords.

4. Report anomalies immediately: Quickly contact support and file a cybercrime complaint if unauthorized transactions appear.

Ongoing Investigations

• The Mumbai Central Region Cyber Police are actively tracing the hacker using forensic logs, transaction trails, and banking channel analysis.

• Collaborative efforts between ABCD, CERT-In, and law enforcement may help uncover the fraudster’s identity and digital footprint.

• Conceivable next steps include freezing or seizing suspect wallets and accounts, charging the perpetrator under cybercrime and fraud statutes, and pushing for data transparency, with affected customer notifications.

Looking Forward: The Broader Challenge

India’s digital finance landscape has ballooned since the pandemic, but it has also opened new attack vectors for cybercriminals. The ABCD incident underscores the need for:

• Stricter platform security audits and third-party cybersecurity testing.

• Regulatory frameworks mandating vulnerability disclosures in digital wealth apps.

• Widespread consumer education to combat social engineering and phishing.

• A nationwide push for real-time fraud detection and freezing systems tied to mobile transactions and e-commerce.

As more platforms enable real-time financial transactions—from tokenized gold to digital bonds or stock trading—the balance between innovative accessibility and robust cyberdefense becomes paramount.

🔍 In Summary

• A hacker breached the ABCD app and sold ₹1.95 crore of users’ digital gold across 435 accounts.

• The flaw has been patched, affected assets restored, and suspicious banks frozen.

• Investigation is underway, with support from CERT-In, cyber insurance, and law enforcement.

• This case illustrates the vulnerability of digital investment platforms amid growing financial cybercrime.