Mobikwik App Glitch Leads to ₹40 Crore Fraud, 6 Arrested and 2,500 Accounts Frozen
Share this article:
Mobikwik, a popular digital wallet and payments app, has been hit by a major fraud caused by a software glitch. Between September 11 and 12, 2025, a flaw in its systems allowed transactions to go through even when wallets or linked bank accounts had insufficient balance, or when incorrect passwords were entered.
The glitch resulted in fraudulent transactions worth over ₹40 crore, involving both registered merchants and other users. The issue came to light after an internal audit, following which the company reported the matter to Gurugram Police. Investigations, arrests, and recovery efforts are now underway as authorities trace the flow of funds and hold offenders accountable.
How the Glitch Worked
The flaw allowed transactions to be marked successful under conditions where they should have failed:
Arrests, Accounts Frozen & Recovery
Mobikwik has stated it is fully cooperating with police and financial institutions to trace affected accounts and minimize the net loss.
Legal Implications & Investigation
Impact & Lessons
For Mobikwik, the financial hit remains substantial. Even with partial recovery, the net loss of around ₹26 crore will need to be absorbed or accounted for.
The glitch resulted in fraudulent transactions worth over ₹40 crore, involving both registered merchants and other users. The issue came to light after an internal audit, following which the company reported the matter to Gurugram Police. Investigations, arrests, and recovery efforts are now underway as authorities trace the flow of funds and hold offenders accountable.
How the Glitch Worked
The flaw allowed transactions to be marked successful under conditions where they should have failed:
- Transactions went through despite insufficient wallet or bank balance.
- Wrong passwords sometimes failed to block payments.
- Merchants and other users exploited the flaw to receive funds for invalid transactions.
- As a result, nearly five lakh transactions were processed during the two days the exploit was active.
Arrests, Accounts Frozen & Recovery
- Police arrested six men from Nuh and Palwal in Haryana: Rehan, Waqar Yunus, Wasim Akram, Mohammad Amir, Mohammad Ansar, and Mohammad Sakil.
- Around 2,500 bank accounts were identified as recipients of fraudulent funds; many have been frozen.
- Authorities have so far recovered between ₹8 crore and ₹14 crore.
Mobikwik has stated it is fully cooperating with police and financial institutions to trace affected accounts and minimize the net loss.
Legal Implications & Investigation
- An FIR was filed at Gurugram’s Sector-53 police station on September 13, based on Mobikwik’s complaint.
- Charges under the Bharatiya Nyaya Sanhita include cheating involving valuable security and dishonest misappropriation of property.
- Investigators are probing possible insider involvement, though no evidence has been confirmed so far.
Impact & Lessons
- Users may have seen unexpected credits or debits on those dates; checking bank statements is advised.
- Trust in the platform could suffer unless stronger validation checks such as balance verification and password/PIN authentication are implemented.
- Regulators and digital payment firms must ensure rigorous audits and thorough software testing before rollout.
For Mobikwik, the financial hit remains substantial. Even with partial recovery, the net loss of around ₹26 crore will need to be absorbed or accounted for.
Next Story