A major cybercrime incident has surfaced, as hackers managed to breach the account of the payment gateway service provider Safexpay Technology Pvt Ltd (STPL) and make off with more than Rs 16,180 crore ($2 billion).

According to reports, the Safexpay hacking included illegal operations where money was methodically drained from various bank accounts, some of which had been illicitly transferred abroad over a prolonged period of time. The STPL cyberattack was disclosed by Thane Police authorities in Maharashtra.

The Safexpay cyberattack has been registered at Shrinagar Police Station, with the Thane Police Cyber Cell collaborating to probe the matter, as announced by high-ranking officials.

What We Know About the Safexpay Hack

The scam came to light when a complaint was filed, alleging that unidentified individuals had successfully hacked into the payment gateway of the six-year-old STPL, subsequently diverting the funds into hundreds of bank accounts.

Investigators of the STPL cyberattack have traced a substantial sum of approximately Rs 25 crore (roughly 3 million USD) that was siphoned from STPL. This amount was found in the HDFC Bank account of a Thane-based company named Riyal Enterprises.

This enterprise operates five branches within the city and its suburbs. Speaking on the development, Police said, “The hackers got hold of the company’s escrow bank account in a well-known national bank and transferred around ₹25 crore to different unknown accounts.”

Further investigation into Riyal Enterprises revealed a web of at least 260 accounts scattered across various banks, all implicated in the financial fraud.

A preliminary examination of 260 accounts revealed a massive misappropriation of around Rs 16,000 Crore ($2 bn), with a substantial portion diverted to foreign accounts.

According to the Thane police officer statement, upon visiting their premises, they discovered multiple bank accounts and agreements.

STPL Cyberattack is Not New

Although reports of STPL cyberattack indicate that the scam had been ongoing for some time, it only came to light in April when a complaint was filed regarding the unlawful diversion of more than Rs 25 crore.

Subsequent investigations have unveiled that the initial complaint was merely the tip of the iceberg, as the full scale of the scam could potentially surpass Rs 16,000 Crore ($2bn).

The Naupada Police, last Friday, officially registered a First Information Report (FIR) against several individuals, including Jitendra Pandey, Sanjay Singh, Amol Andhale (alias Aman), and Sameer Dighe (alias Kedar), citing various sections of the Indian Penal Code and the Information Technology Act.

The ongoing investigation on Safexpay cyberattack is being conducted by the teams from Thane Police and its Cyber Cell.

However, it’s important to note that no arrests have been made at till now. Jitendra Pandey, one of the accused, is believed to be a key figure with nearly a decade of experience in the banking sector.

Law enforcement authorities suspect that there may be numerous other individuals involved in this extensive Safexpay cyberattack, which includes the creation of bank accounts using fraudulent documents and the establishment of five partnership firms with counterfeit paperwork, all with the intent of deceiving the government.

STPL cyberattack: Rising Tide of Cybercrime in India

Prior to this incident, a group of Himachal Pradesh-based scammers scammed hundreds of investors, collecting over Rs 200 crore in ill-gotten earnings during a five-year period beginning in 2018.

Those accused of being affiliated with the gang attracted people by promising them large gains in a short period of time through bitcoin investments, thereby developing a network of investors.

This highlights that STPL cyberattack is not an only incident, as it mirrors the growing threat of cybercrimes in India. Such incidents emphasize the urgent need for enhanced cybersecurity measures and increased vigilance in the digital landscape.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.