New joinee placed Rs 2 lakh in free orders, then quit: Startup founder shares hard lesson on internal controls

A shocking post by Arjun Singh, founder of homegrown sneaker brand Gully Labs, has sparked conversation around internal controls and employee misuse in startups. In a candid X (formerly Twitter) post, Singh shared how a newly hired employee allegedly exploited backend access to generate Rs 2 lakh worth of free orders within days of joining – and then quit.

The incident, according to Singh, unfolded within the first week of the employee’s tenure.

“We hired a CS person a couple of months ago. Within the first week of joining he made INR 2L of 100% discount orders – sent to his friends and quit in a week,” Singh wrote.

We hired a CS person a couple of months ago. Within the first week of joining he made INR 2L of 100% discount orders – sent to his friends and quit in a week.

When caught – initially he decided to cooperate and returned half the shoes but the other half were used etc.

Then he… https://t.co/OyxgNOq2OP

— Arjun (@arjuns__) February 21, 2026

Alleged misuse of backend access

Singh explained that the employee, hired for a customer service role, allegedly created multiple 100% discount orders and had them delivered to acquaintances. The total value of the sneakers reportedly touched Rs 2 lakh.

The matter escalated when the company discovered the irregular orders. According to Singh, the employee initially agreed to cooperate. “When caught – initially he decided to cooperate and returned half the shoes but the other half were used etc,” Singh said.

However, the situation soon turned controversial.

Legal notices add to the dispute

In his post, Singh claimed that instead of fully resolving the issue, the former employee began sending legal notices to the company. “Then he started sending legal notices that we were harassing him in response to our notice to return the products or reimburse us!” he added.

The development highlights a growing challenge for startups – balancing speed of hiring and operational flexibility with strong internal checks and safeguards.

Tightening internal systems

In the aftermath of the episode, Singh said the company is strengthening its backend systems to prevent similar incidents in the future.

“So now – we are enabling permissioning on our backend etc. amongst other things,” he wrote.

The term “permissioning” refers to restricting access levels within internal systems so that employees can only access tools and functions relevant to their role – a practice common in larger organisations but sometimes loosely implemented in early-stage startups.

“As brands grow, they have newer set of challenges. Never thought I have to guard customer details, order exports from people in the same organisation due to security concerns. Increases complexity, but no choice,” a user wrote on X.