Gold Glitch Exposed: ABCD Tightens Cyber Defenses After ₹1.95 Crore Digital Heist

Image Source : HDFC Sky

In a major cybersecurity breach that has rattled India’s fintech ecosystem, Aditya Birla Capital Digital Ltd (ABCD) has confirmed that hackers exploited a vulnerability in its mobile application to siphon off digital gold worth ₹1.95 crore from 435 customer accounts. The incident, which occurred on June 9, 2025, has prompted a swift forensic audit, a full-scale police investigation, and a comprehensive overhaul of the platform’s security architecture.

Here’s a detailed breakdown of the breach, the company’s response, and the broader implications for digital asset platforms.

Key Developments and Immediate Response

- The breach was discovered after multiple users reported unauthorized sales of their digital gold holdings via ABCD’s app
- Hackers manipulated the application programming interface (API) between the app and ABCD’s backend server, bypassing OTP verification protocols
- The stolen proceeds were transferred to various personal bank accounts, triggering red flags within the company’s fraud risk management team
- ABCD filed a First Information Report (FIR) with the Central Region Cyber Police in Mumbai on June 24, 2025

Corrective Measures and Platform Restoration

- All affected customer accounts have been restored, and digital gold balances replenished
- ABCD immediately suspended the digital gold selling feature and conducted a forensic audit to identify the breach vector
- The company has since patched the API vulnerability and implemented additional security layers to prevent future exploits
- Fund transfers to suspicious accounts have been frozen, and the firm is working with cyber insurance partners and CERT-In to trace the perpetrators

Broader Security Implications

- The breach highlights growing concerns around API-level vulnerabilities in fintech platforms, especially those dealing with high-value digital assets
- ABCD’s digital gold services, offered in partnership with MMTC-PAMP and processed via Razorpay, are now under enhanced scrutiny
- The incident underscores the need for real-time anomaly detection, multi-factor authentication, and regular penetration testing in financial apps

Market and Regulatory Outlook

- Despite the breach, ABCD’s swift response helped stabilize investor sentiment, with parent company Aditya Birla Capital’s stock showing resilience
- Regulatory bodies are expected to issue fresh advisories on API security and digital gold compliance in the coming weeks
- The case may serve as a precedent for future cybercrime investigations involving tokenized or vault-backed digital assets

As the investigation continues, the ABCD breach serves as a stark reminder that in the digital age, even gold isn’t immune to cyber threats—and that trust must be earned not just through value, but through vigilance.

Sources: CNBC-TV18, Free Press Journal, Hindustan Times Bengaluru, Economic Times, June 30, 2025