Flipkart co-founder Sachin Bansal’s Navi Technologies defrauded of Rs 14.26 cr via payment gateway bug

Flipkart co-founder Sachin Bansal’s financial products and services startup Navi Technologies has fallen victim to a cyber fraud. The company has alleged that it was cheated of Rs 14.26 crore in 14 days in December 2024 by miscreants who posed as customers and misused a bug to defraud the company, according to media reports. 

According to a complaint filed by Srinivas Gowda, a vigilance officer at the company, at the Whitefield Cyber Crime Police in Bengaluru, the company had given a payment option to customers for mobile recharge, EMIs, and other services from its app between December 10 and 24, The Hindu reported.

However, a bug — after a third-party application provider (TPAP) payment gateway provided option to edit the amount to be paid after the process on the Navi app – led to the fraud. Misusing this, people made payments through the app and then went to the TPAP to edit the amount to Re 1.

This led to a success report of the transaction, according to which Navi Technologies paid the full amount selected on their app. This modus operandi led to the fraud of Rs 14.26 crore, the company said in its complaint. 

This indicates that the perpetrators exploited a vulnerability in the third-party payment gateway system which allowed them to change the payable amount post completion of the transaction on the Navi app.

This means that by triggering payments and subsequently changing the amount to Re 1 on the payment gateway, the miscreants triggered success reports which led to Navi processing full payments based on the original amount displayed on the app.