Bhavnagar Bank Hacking: 3 more arrested, total reaches 10 in ₹7.34 crore CBS fraud
Synopsis
Key Takeaways
Gujarat Police's Cyber Centre of Excellence has arrested three more individuals in connection with the hacking of Bhavnagar District Co-operative Bank Ltd., bringing the total number of arrests in the case to 10. The latest detentions, announced on 10 July, relate to the alleged routing of ₹7.34 crore in fraudulently generated funds through a network of manipulated bank accounts.
Who Was Arrested
The three newly arrested accused have been identified as Anil Agrawat, 36, a resident of Kosad in Surat; Bhumil Patel, 32, from Vasad; and Vikas Chaudhary, 28, from Chomu in Rajasthan. Investigators allege each played a distinct role in facilitating the financial leg of the cyber fraud.
According to police, one of the four bank accounts allegedly manipulated during the hack belonged to Agrawat, who is accused of having rented it out. Patel allegedly activated internet banking on the account, set login credentials, and forwarded them to Chaudhary. Investigators further allege that Chaudhary and Patel initially travelled to Bhavnagar to open Agrawat's account but were turned away due to documentation issues; the pair reportedly returned with additional paperwork and successfully opened the account on a subsequent visit.
How the Fraud Was Carried Out
Investigators allege that the primary perpetrators illegally accessed the bank's server, computer systems, database, and Core Banking System (CBS), manipulating electronic records to artificially inflate account balances. According to police, the balances in four existing accounts were fraudulently raised to between ₹1 crore and ₹2 crore each by replacing the registered mobile numbers with those controlled by the accused.
The fabricated balances were then used to transfer a total of ₹7,34,91,682 — approximately ₹7.34 crore — across 135 different bank accounts, dispersing the proceeds widely to complicate tracing. Examination of mobile phones and bank account records led investigators to the three newly arrested individuals, who are alleged to have arranged accounts specifically to receive and distribute the fraud proceeds.
Wider Vulnerability Flagged
A significant detail to emerge from the investigation is that the CBS software vulnerability exploited in this case had reportedly affected between 14 and 15 banks across India, according to investigators. This suggests the Bhavnagar breach may not be an isolated incident but part of a broader pattern of CBS-targeted attacks on cooperative banks — institutions that have historically lagged larger commercial banks in cybersecurity infrastructure.
Notably, this is among the larger cooperative bank cyber frauds to surface in Gujarat in recent years, and the scale of the dispersal network — 135 accounts across multiple states — points to an organised operation rather than opportunistic hacking.
Police Advisory
The Cyber Centre of Excellence has urged the public not to rent out bank accounts, ATM cards, cheque books, or SIM cards to unknown individuals under any circumstances. It has also cautioned against investing through social media advertisements on platforms such as Facebook, Instagram, WhatsApp, and Telegram that promise unusually high returns in a short period. Anyone approached with such requests is advised to report the matter to the nearest police station or cybercrime authorities.
Investigators are continuing to examine whether the three newly arrested accused had direct links with the core hacking network. Further arrests in the case have not been ruled out.