Investigations into the siphoning off of Rs 1.42 crore from Bank of Maharashtra have revealed that two of the accused allegedly committed a similar crime in Pune earlier this month. On Friday, the Bank of Maharashtra registered a complaint against 22 residents of Bhayander, accusing them of hacking its central server in Mumbai and exploiting a flaw in the central government’s United Payments Interface (UPI) mobile application to siphon off Rs 1.42 crore from the bank.
The Thane Rural police have identified Bhayander resident Bharat Gawale and an Aurangabad native, Deepak, as the main accused, who allegedly roped in residents with accounts at the bank’s branch in Bhayander East for the crime.
In the Pune case, the police said the men had allegedly brought together nearly 50 account-holders of the bank’s branch in Pune, promising them returns in exchange for the illegal transactions being routed through their accounts.
The bank lost Rs 6 crore between December 2016 and January 2017.
The Pune police had booked 50 people in the case and its cyber cell is looking for the same men. Gawale is absconding.
In the latest case involving the Bhayander residents, exploiting a bug in the UPI app launched last year, the accused, having hacked the bank’s central server in Mumbai, made 142 “request money” transactions between December 26, 2016 and January 18, 2017.
According to the police, the transactions were successful even though the accounts of the accused did not have sufficient balance.
The bug in the app ensured that messages of insufficient balance were not communicated to the bank’s server, which approved the transactions.
When the irregularities came to the bank’s notice on January 18, it conducted an internal investigation before filing a complaint with the police in Pune and Bhayander.
“The account-holders were paid 40 per cent of each transaction, while the main accused kept the rest of the amount,” an officer said.