Bhavnagar Bank Hacking: 3 more arrested, total reaches 10 in ₹7.34 crore CBS fraud

Share:
Audio Loading voice…
Bhavnagar Bank Hacking: 3 more arrested, total reaches 10 in ₹7.34 crore CBS fraud

Synopsis

Gujarat's Cyber Centre of Excellence has now arrested 10 people in the Bhavnagar District Co-operative Bank hack — a case where fraudsters exploited a CBS software vulnerability to conjure ₹7.34 crore out of thin air and scatter it across 135 bank accounts. Investigators say the same CBS flaw may have hit 14–15 banks across India, making this a potential systemic threat to cooperative banking infrastructure nationwide.

Key Takeaways

Gujarat Police arrested 3 more accused on 10 July in the Bhavnagar District Co-operative Bank hacking case, taking total arrests to 10 .
The accused — Anil Agrawat (Surat), Bhumil Patel (Vasad), and Vikas Chaudhary (Rajasthan) — allegedly arranged bank accounts to route fraud proceeds.
Hackers allegedly exploited a Core Banking System (CBS) vulnerability to artificially inflate balances and transfer ₹7.34 crore across 135 accounts .
The same CBS software flaw reportedly affected between 14 and 15 banks across India, according to investigators.
Police have warned the public against renting out bank accounts, ATM cards, or SIM cards to unknown persons.

Gujarat Police's Cyber Centre of Excellence has arrested three more individuals in connection with the hacking of Bhavnagar District Co-operative Bank Ltd., bringing the total number of arrests in the case to 10. The latest detentions, announced on 10 July, relate to the alleged routing of ₹7.34 crore in fraudulently generated funds through a network of manipulated bank accounts.

Who Was Arrested

The three newly arrested accused have been identified as Anil Agrawat, 36, a resident of Kosad in Surat; Bhumil Patel, 32, from Vasad; and Vikas Chaudhary, 28, from Chomu in Rajasthan. Investigators allege each played a distinct role in facilitating the financial leg of the cyber fraud.

According to police, one of the four bank accounts allegedly manipulated during the hack belonged to Agrawat, who is accused of having rented it out. Patel allegedly activated internet banking on the account, set login credentials, and forwarded them to Chaudhary. Investigators further allege that Chaudhary and Patel initially travelled to Bhavnagar to open Agrawat's account but were turned away due to documentation issues; the pair reportedly returned with additional paperwork and successfully opened the account on a subsequent visit.

How the Fraud Was Carried Out

Investigators allege that the primary perpetrators illegally accessed the bank's server, computer systems, database, and Core Banking System (CBS), manipulating electronic records to artificially inflate account balances. According to police, the balances in four existing accounts were fraudulently raised to between ₹1 crore and ₹2 crore each by replacing the registered mobile numbers with those controlled by the accused.

The fabricated balances were then used to transfer a total of ₹7,34,91,682 — approximately ₹7.34 crore — across 135 different bank accounts, dispersing the proceeds widely to complicate tracing. Examination of mobile phones and bank account records led investigators to the three newly arrested individuals, who are alleged to have arranged accounts specifically to receive and distribute the fraud proceeds.

Wider Vulnerability Flagged

A significant detail to emerge from the investigation is that the CBS software vulnerability exploited in this case had reportedly affected between 14 and 15 banks across India, according to investigators. This suggests the Bhavnagar breach may not be an isolated incident but part of a broader pattern of CBS-targeted attacks on cooperative banks — institutions that have historically lagged larger commercial banks in cybersecurity infrastructure.

Notably, this is among the larger cooperative bank cyber frauds to surface in Gujarat in recent years, and the scale of the dispersal network — 135 accounts across multiple states — points to an organised operation rather than opportunistic hacking.

Police Advisory

The Cyber Centre of Excellence has urged the public not to rent out bank accounts, ATM cards, cheque books, or SIM cards to unknown individuals under any circumstances. It has also cautioned against investing through social media advertisements on platforms such as Facebook, Instagram, WhatsApp, and Telegram that promise unusually high returns in a short period. Anyone approached with such requests is advised to report the matter to the nearest police station or cybercrime authorities.

Investigators are continuing to examine whether the three newly arrested accused had direct links with the core hacking network. Further arrests in the case have not been ruled out.

Point of View

Not a bank's own audit or regulator action. Cooperative banks serve crores of rural and semi-urban depositors who have little recourse when funds evaporate; the systemic risk here is disproportionate to the media attention the sector receives. The money-mule network — 135 accounts across multiple states — also underscores how organised the fraud ecosystem has become, with recruiters, account renters, and credential handlers operating in distinct, insulated layers that slow down investigators. Regulators need to ask why a known CBS vulnerability was not patched across all affected institutions before a ₹7.34 crore loss forced the question.
NationPress
11 Jul 2026

Frequently Asked Questions

What happened in the Bhavnagar District Co-operative Bank hacking case?
Hackers allegedly exploited a vulnerability in the bank's Core Banking System (CBS) to artificially inflate balances in four accounts and transfer ₹7.34 crore to 135 different bank accounts. Gujarat Police's Cyber Centre of Excellence has so far arrested 10 people in connection with the case.
Who are the three newly arrested accused?
The three are Anil Agrawat, 36, from Kosad in Surat; Bhumil Patel, 32, from Vasad; and Vikas Chaudhary, 28, from Chomu in Rajasthan. They are accused of arranging and operating bank accounts used to receive and distribute the fraud proceeds.
How did the CBS fraud work?
Investigators allege the accused accessed the bank's Core Banking System, replaced registered mobile numbers on four accounts with their own, and artificially raised each account's balance to between ₹1 crore and ₹2 crore. The fabricated funds — totalling ₹7.34 crore — were then dispersed across 135 accounts to obscure the trail.
How many banks were affected by the CBS vulnerability?
According to investigators, the same CBS software vulnerability exploited in the Bhavnagar hack had affected between 14 and 15 banks across India. The full extent of losses at other institutions has not yet been publicly disclosed.
What precautions has Gujarat Police advised the public to take?
The Cyber Centre of Excellence has urged people not to rent out bank accounts, ATM cards, cheque books, or SIM cards to unknown persons, and to report anyone soliciting such services to the nearest police station or cybercrime authority. It has also warned against investing through social media platforms promising unusually high returns.
Nation Press
The Trail

Connected Dots

Tracing the thread behind this story — newest first.

8 Dots
  1. Latest 1 week ago
  2. 2 weeks ago
  3. 1 month ago
  4. 2 months ago
  5. 2 months ago
  6. 2 months ago
  7. 4 months ago
  8. 1 year ago
Google Prefer NP
On Google