A major cyber fraud has shaken Mumbai’s Prabhadevi area, where hackers managed to breach the Aditya Birla Capital Digital Limited (ABCD) app and illicitly sell digital gold worth approximately Rs 1.95 crore. The incident has left 435 customers impacted, exposing vulnerabilities in one of India’s prominent fintech platforms. The breach came to light when several users began noticing unauthorized sales of their digital gold holdings and promptly reported the suspicious transactions to the company’s call center.
The ABCD app, launched as a comprehensive financial services platform, allows customers to buy and sell digital gold, among other financial products. The digital gold purchased through the app is sourced from government-approved MMTC-PAMP and stored securely. However, this security was compromised when a hacker manipulated the app’s protocols, bypassed mandatory OTP verification, and sold digital gold from hundreds of user accounts. The proceeds from these unauthorized transactions were then transferred to various personal bank accounts, making the fraud both widespread and sophisticated.
How the Breach Was Discovered and Investigated:
The breach was first detected on June 9, 2025, after a surge of complaints from customers who found their digital gold sold without their consent. The technical team at Aditya Birla Capital quickly identified that the breach occurred due to a vulnerability in the API that connects the ABCD app to its backend server. This allowed the hacker to bypass OTP-based authentication, a critical security step meant to prevent unauthorized transactions.
Upon discovering the breach, Aditya Birla Capital Digital immediately suspended the digital gold selling feature on the app to prevent further losses. The company’s Head of Fraud Risk Management, Ravindra Rajmal Chaudhary, filed a First Information Report (FIR) with the Central Region Cyber Police in Mumbai. The cyber cell promptly initiated a detailed forensic and technical probe into the breach, with the company providing technical logs and a list of impacted users to aid the investigation.
The breach was not limited to a single or a handful of accounts but targeted a large group of users, making it one of the most significant digital gold thefts reported in India’s fintech sector. The hacker’s ability to manipulate transaction protocols and bypass security measures has raised concerns about the robustness of digital platforms handling sensitive financial transactions.
Company Response and Customer Assurance:
In the immediate aftermath of the breach, Aditya Birla Capital Digital took several remedial steps to contain the damage and reassure its customers. The company froze suspicious fund transfers that had been routed to various personal bank accounts, ensuring that no further unauthorized withdrawals could take place. Additionally, the technical flaw that enabled the hack was swiftly fixed, and the digital gold selling feature was restored only after security was reinforced.
Crucially, Aditya Birla Capital Digital restored all affected digital gold holdings to the impacted customers, ensuring that no financial loss remained for them. The company also collaborated with its cyber insurance partners, law enforcement agencies, and CERT-In to strengthen its cybersecurity framework. The digital gold services on the platform remain active and secure, with officials emphasizing that the app is now safe for customer use.
The company’s rapid response and transparent communication have helped stabilize the situation, even as the investigation to trace the perpetrators continues. Shares of Aditya Birla Capital Ltd. reflected resilience in the market, regaining stability after an initial dip following news of the breach.
Lessons for the Fintech Industry and the Road Ahead:
A clear warning of the constant dangers in the digital financial ecosystem has been provided by this tragedy. Strong cybersecurity safeguards are more important than ever as fintech apps for wealth management, payments, and investments gain popularity. The industry has urgently called for more robust security procedures, frequent vulnerability assessments, and increased consumer knowledge of digital safety in response to the Aditya Birla Capital hack.
Authorities are continuing their investigation, focusing on tracing the digital trail left by the hacker and identifying any accomplices. The case has also highlighted the importance of timely detection and swift action in minimizing the impact of cyber fraud.
For customers, the episode underscores the importance of monitoring account activity and promptly reporting any suspicious transactions. For fintech companies, it is a wake-up call to continuously upgrade security infrastructure and ensure that customer trust remains uncompromised.
The industry will be closely monitoring any additional steps taken to stop future breaches of this kind. In India’s digital banking scene, the Aditya Birla Capital app hack is an important instance that highlights the advantages and disadvantages of swift technology development.
