“Sir, there’s something wrong with the balance sheet… the numbers just aren’t adding up.”
Sumit Srivastava, IT head at Nainital Bank’s Noida branch, leaned over his desk, eyes glued to the screen, his voice barely rising above a whisper.
It was 9:42 AM on a humid June morning. What looked like a routine mismatch in entries turned out to be a rabbit hole far deeper than anyone in the branch had anticipated.
By lunchtime, the alarm bells had been rung.
When people think of cybercrime, they often imagine a hacker in a dark room, strings of code flashing across multiple monitors.
But this wasn’t a movie. This was real. And it was happening in the heart of one of India’s financial centers.
The bank’s internal server had been compromised, hacked by a gang operating from within the country, and as it turns out, with help from abroad.
In total, ₹16.71 crore had been quietly drained from the bank’s vault, bit by bit, across 89 different accounts in various banks.
It was slow, calculated, and almost invisible like water leaking through the tiniest cracks.
“How is this even possible?” a senior official from Nainital Bank reportedly said in a closed-door meeting the following day.
“They used our own manager’s login credentials. Our own keys to open our vaults.”
The Players Behind the Curtain
The operation wasn’t a solo gig. Police arrested four individuals, one of them a foreign national named Alex.
Reports describe him as a cyber fraud expert who had been in India for almost a decade.
He wasn’t here as a tourist; he was here to operate.
Alex wasn’t your typical scammer. Reports suggest he was smooth, methodical, and knew exactly how to avoid the digital tripwires most institutions set up.
He didn’t need to break doors, he waited for someone to leave them slightly ajar.
And then there was Shavez, the man allegedly supplying personal bank details of unsuspecting citizens.
Those 89 bank accounts? Not dummies. These were real accounts of real people, either bought, borrowed, or stolen.
When police finally cracked down on them, they found a goldmine of evidence—passports, SIM cards, laptops, checkbooks, ₹20 lakh worth of party drugs, and cash.
The Aftermath: More Than Just Money Lost
The recovery? Just ₹69.49 lakh. A mere fraction of what was stolen.
The rest, likely funneled through a web of money mules, digital wallets, or perhaps already gone overseas.
This wasn’t just a breach of cybersecurity. It was a breach of trust.
The kind of scam that rattles not just a bank’s operations but the very confidence people place in the system.
But the bigger question looms—if a scheduled bank like Nainital Bank can be hacked without anyone noticing for days, what does that say about the digital safety net of smaller financial institutions & an individual’s account?
Lessons for the Everyday Investor
You don’t need to be a bank to learn from this story.
- Never ignore small anomalies in digital statements. That “₹1,500 debit” you brushed off? It might be a test run by someone probing your account.
- Always enable 2-factor authentication, not just on your bank app, but emails and any login tied to money.
- Don’t share or store passwords, even with someone you “trust.” Most of the inside jobs start there.
“A scam like this doesn’t just happen overnight,” said one cybercrime official.
“It takes weeks of planning, and one moment of carelessness from us to pull it off.”
In the end, it’s not just about catching criminals. It’s about staying one step ahead of them.
Because in the digital world, every click leaves a footprint—and the ones you don’t notice might just be the ones that cost you the most.
