What Happened to the Users’ Digital Gold?
In a major digital theft, hackers sold digital gold belonging to 436 users of a financial services app. These users were customers of Aditya Birla Capital Digital Limited (ABCD). The stolen gold was worth ₹1.95 crore.
The company lets people buy and sell digital gold, silver, mutual funds, and other financial products through its mobile app. Normally, users can buy digital gold by registering their mobile numbers. When they want to sell the gold, they get a One-Time Password (OTP). This OTP is needed to go to the payment section and get their money safely.
However, something went very wrong earlier this month. The company’s tech team discovered that a hacker had breached the app’s system, known as an API. This allowed the hacker to sneak into the system and sell digital gold without the real users knowing about it.
The hacker didn’t just sell a small amount. They sold digital gold that belonged to hundreds of customers. Once sold, the money was transferred into the hacker’s own bank accounts. This left the actual owners of the gold shocked and confused.
How the Scam Was Discovered
The theft was not noticed immediately. It came to light on June 9, 2025. That morning, many customers started calling ABCD’s call centre. They complained that someone had sold their digital gold without asking them. Even worse, they hadn’t received any money for it.
As soon as these calls began, the company started investigating. They quickly found that something was seriously wrong. They immediately stopped the option to sell digital gold on the app to prevent further damage.
Cyberattack Exposes Melbourne Hospital Patients Data on Dark Web
The technical team of ABCD looked deeper into the problem. They found that someone had tampered with their API — this is the bridge that connects different parts of the app’s services. Through this loophole, the hacker was able to sell gold that didn’t belong to them.
By the time the company caught the scam, the hacker had already sold digital gold from 436 different users. The company suffered a huge loss of nearly ₹2 crore.
What the Police Are Doing Now
After the fraud came to light, the head of fraud risk management at ABCD filed a police complaint. The case is now being handled by the Central cyber police.
The police have registered the case under the Bharatiya Nyaya Sanhita, 2023. They used Section 318 (4) which deals with cheating, and Section 319 (2) which is about cheating by pretending to be someone else. They also added relevant parts of the Information Technology Act, 2000.
The police said the hacker is still unknown. They are trying to find out who was behind this crime and how exactly they managed to break into the system. The bank accounts where the stolen money was sent are also being looked into.
Pro-Iran Hackers Launch Cyber Attacks on U.S. Infrastructure After Military Action
So far, it is clear that the hacker managed to bypass the app’s security by taking control of the API. This gave them access to user accounts and allowed them to sell digital gold. Normally, selling would require an OTP, but the hacker likely found a way to avoid that too.
The case shows how important strong cyber security is, especially when people trust apps with their money and investments. The app remains under review and has paused digital gold selling until the investigation is complete.
This theft has not only affected hundreds of users but also raised serious concerns about digital safety on financial platforms.
