Mobikwik’s ₹40 Crore Glitch-Gate: How a Software Slip Turned Wallets Into Wells of Fraud

One Mobikwik Systems Ltd faced a major technical issue on September 11-12, 2025, leading to unauthorized payouts of over Rs 40 crore in a brief, sharp fraud incident centered in Haryana. The company has clarified the incident did not impact UPI or wallet payments or customer data. Arrests have been made, accounts frozen, and substantial funds are already recovered as active investigations continue. Here is a detailed breakdown of the event and responses as of September 18, 2025.

Key Highlights of the Incident

• Technical glitch occurred due to a software update on September 11-12, causing certain failed transactions to be incorrectly marked as successful.
• Unauthorized payouts totaling around Rs 40.22 crore siphoned off, primarily affecting merchants in Haryana’s Nuh and Palwal districts.
• Over 5 lakh fraudulent transactions processed exploiting the system vulnerability.
• Around 2,500 bank accounts involved have been identified and frozen as part of recovery and investigation efforts.
• Six men have been arrested; their bank accounts held a portion of the fraud amount.
• The company recovered Rs 8-14 crore so far; net loss estimated around Rs 26 crore post recovery.
• FIR filed, police actively investigating with possible insider involvement under review.
• One Mobikwik confirmed no impact on UPI transactions, wallet balances, or customer information.
• Technical issue resolved swiftly within 45 minutes of detection.

Incident Details and Timeline
On September 11 and 12, One Mobikwik Systems Ltd experienced a critical software glitch after a recent software update. The flaw allowed transactions that lacked sufficient wallet balances and even with incorrect UPI PINs to be marked as successful. This loophole was exploited by certain merchants and users allegedly colluding to divert funds illegally into thousands of bank accounts across Haryana districts, particularly around Nuh and Palwal.

The fraudulent activity involved nearly 5 lakh transactions over two days. An internal audit on September 13 flagged suspicious transactions, prompting the company to alert the Gurugram police immediately.

Financial Impact and Recovery Efforts
The fraudulent transactions led to an estimated Rs 40 crore loss. Following notification, law enforcement froze approximately 2,500 bank accounts implicated in receiving unauthorized funds. Close to Rs 8 crore has already been recovered by authorities, and the company claims ongoing recovery efforts have retrieved roughly Rs 14 crore. The net financial impact to One Mobikwik is thus estimated to be around Rs 26 crore.

Investigation and Legal Measures
Gurugram police have arrested six men linked to the scam from Nuh and Palwal areas. The accused individuals admitted to manipulating the glitch to conduct fraudulent transactions. Police suspect possible insider assistance but have confirmed no company employees or key personnel are directly involved at this stage.

An FIR has been lodged, and authorities continue the investigation vigilantly. Legal enforcement agencies imposed debit freezes and lien marks on the bank accounts where unauthorized settlements were credited. Police are also seeking help from the public to report any unexplained payments arising from this incident in the affected Haryana districts.

Company’s Official Statement and Response
One Mobikwik Systems Ltd emphasized that the incident was not a cybersecurity breach but a limited internal processing error, now fully resolved. The company assured customers that no UPI or wallet payments, account balances, or sensitive data were compromised.

The technical glitch was quickly identified and rectified within 45 minutes on September 12. One Mobikwik announced enhanced monitoring systems and additional controls have been implemented to prevent recurrence. It stressed that its digital payment services remain fully safe and secure.

Impact on Market and Future Outlook
Following public disclosure, One Mobikwik's share prices experienced a modest drop, reflecting market caution over the incident. Despite the setback, the company is cooperating fully with authorities and remains focused on risk mitigation and recovery.

This fraud incident underscores the ongoing challenges for fintech companies in securing digital payments and highlights the critical importance of robust software testing and transaction monitoring to safeguard platform integrity.

Source: Money.rediff.com, Times of India, Business Standard, Economic Times, Business Today

STORIES YOU MAY LIKE

Sasken Technologies Ltd Partners with VicOne to Elevate Automotive Cybersecurity Standards

When Ust-Luga Went Silent: Novatek’s Bold Move to Keep Condensate Exports Afloat

Adani Group Exonerated by SEBI: Hindenburg Claims Declared Baseless in Landmark Verdict