Hackers Drain ₹48 Crore Overnight: The Cyber Heist That Shook India's Finance Sector

A Financial Nightmare Unfolds

In one of the most alarming cyber heists of 2025, Wisdom Finance Pvt. Ltd. fell victim to a coordinated digital attack that wiped off nearly ₹48 crore in less than 24 hours.

According to a complaint filed at the Cyber Crime Police Station, the firm detected multiple unauthorised fund transfers between August 6 and 7, routed through foreign IP addresses.

An internal audit confirmed the horrifying truth — these transactions weren't initiated from the company's official systems or IPs, but from servers traced abroad.

The Scale of the Breach

Investigators uncovered 1,782 illegal transfers made to 656 different bank accounts, a clear indication of a well-planned money laundering operation.

Among them, ₹27.39 lakh landed directly in an SBI account belonging to Ismail Rasheed Attar (27), who was soon arrested and remanded to custody.

Further investigation revealed another staggering discovery — ₹5.5 crore had been diverted to a Hyderabad-based firm named Unknown Technologies Pvt. Ltd., which later rerouted the funds to an ICICI Bank account under another suspect's name.

Inside the Cyber Web: From India to Dubai to Hong Kong

The digital trail didn't stop in India. Authorities traced the transactions to servers rented by two individuals in Dubai, who had allegedly hired hackers from Hong Kong to execute the attack.

These hackers exploited vulnerabilities in the bank's API system, bypassing security protocols and initiating unauthorised fund transfers through IP addresses linked to Hong Kong and Lithuania.

Every click, every transfer — planned and executed with surgical precision.

The Attack Blueprint: How They Did It

Cyber forensics revealed a chillingly professional operation involving:

• API Manipulation: Direct interference with the bank's transaction interface.
• IP Spoofing: Using international servers to mask digital footprints.
• Layered Transactions: Splitting large sums into hundreds of micro-transfers to avoid detection.

This wasn't an ordinary phishing attempt — it was a multi-country, multi-layered cyber assault that exposed the fragility of unmonitored financial systems.

ISOEH's Expert Take: "A Wake-Up Call for Every Business"

According to cybersecurity experts at the Indian School of Ethical Hacking (ISOEH), this incident is more than just a financial loss — it's a wake-up call for every organization operating in the digital age.

"This attack shows how easily APIs and financial gateways can be exploited if not protected by advanced monitoring and trained professionals," says ISOEH's Cyber Defence Team.

What Every Company Should Do — Now

To prevent falling victim to similar attacks, ISOEH recommends:

• Conducting regular vulnerability audits
• Training employees in cybersecurity best practices
• Implementing real-time monitoring systems
• Securing APIs and cloud infrastructure with ethical hacking insights

Cybersecurity isn't an option anymore — it's a business survival strategy.

Wake Up Before It's Too Late

Cybercriminals are getting faster, smarter, and global.

The question is — are you prepared?

Indian School of Ethical Hacking helps organizations and individuals build real-world cyber defence skills.

Learn how to safeguard your business before it's too late.