Digital payments firm MobiKwik suffered a major technical glitch that cost the company an estimated Rs 40 crore from its accounts over a period of 48 hours. The cyberattack incident, which took place on September 11 and 12, saw more than 5 lakh fraudulent UPI transactions drain the company’s funds and is now seen as the company’s second major security breach.
According to reports, the fraud involving MobiKwik was triggered by a recent software update that created a vulnerability in the company’s system. This flaw allowed users to initiate transactions with amounts that exceeded their available wallet balances. In some cases, fraudsters were able to initiate transactions with incorrect UPI PINs as well.
Surprisingly, the unusual outflow of funds went unnoticed until a MobiKwik employee, who was conducting a routine audit on September 13, detected the irregularities.
MobiKwik glitch costs company Rs 40 crore
Soon after the detection, the company informed the law enforcement authorities, who responded by arresting six individuals in connection with the scam. Authorities have managed to freeze approximately Rs 8 crore across 2,500 beneficiary accounts identified as recipients of the fraudulent transfers.
According to a MobiKwik spokesperson, the company has so far recovered Rs 14 crore and is working to reclaim the remaining funds as quickly as possible. As of now, the company’s net financial impact is estimated at Rs 26 crore.
MobiKwik case suspected to be an inside job
With the investigation underway, authorities suspect that the sophisticated nature of the operation points to a potential inside job. Reports say that authorities are currently coordinating with various banks to track and recover the remaining money that was illegally transferred.
The Nuh police have also issued a public advisory urging citizens to come forward and report any unexplained cash transfers on September 11 or 12 to the nearest police station.