In a disturbing revelation that has sent ripples across the Indian fintech and digital banking landscape, Aditya Birla Capital Digital Limited (ABCD), the flagship digital platform of Aditya Birla Capital, has become the latest victim of a high-profile cyberattack. An unidentified hacker successfully exploited a technical vulnerability in the app, leading to the unauthorized sale of digital gold worth ₹1.95 crore from the accounts of 436 unsuspecting customers.
The Breach: How It Unfolded
The breach came to light on June 9, 2025, when a wave of customer complaints flooded ABCD’s call centre. Most of the affected users were reportedly from Mumbai’s Prabhadevi area, where users began reporting unauthorized transactions involving their digital gold holdings. Some customers even took to social media to raise alarm after noticing that their gold had been sold without their consent and that no corresponding payment had been credited to their accounts.
Following these reports, ABCD’s internal technical team investigated and discovered that the Application Programming Interface (API) of the app had been compromised. This flaw allowed the hacker to bypass security protocols, access user accounts, sell their digital gold holdings, and transfer the proceeds to various personal bank accounts. The company’s systems detected the irregularities and quickly halted the app’s digital gold selling function in a bid to contain the breach.
Swift Action and Damage Control
Reacting promptly, ABCD lodged a First Information Report (FIR) with the Central Region Cyber Police in Mumbai. The case has been filed under sections 318 (4) and 319 (2) of the Bharatiya Nyaya Sanhita, 2023, for cheating and personation, along with relevant sections of the Information Technology Act, 2000.
According to officials from ABCD, all affected digital gold balances have been fully restored to the respective customer accounts. The company stated that it froze suspicious fund transfers across multiple bank accounts and rectified the technical vulnerability that had allowed the breach. As of now, the digital gold buying and selling services on the app have resumed and are reportedly secure.
Ravindra Chaudhary, Head of Fraud Risk Management at ABCD, led the coordination with police authorities to file the official complaint. The company is also actively collaborating with cyber insurance providers, CERT-In (Indian Computer Emergency Response Team), and law enforcement agencies to identify and prosecute the perpetrators.
About the ABCD App: A High-Stakes Digital Platform
Launched in April 2024, the ABCD (Aditya Birla Capital Digital) app was envisioned as a comprehensive one-stop digital financial platform. With an initial investment of ₹100 crore, the app offers over 22 financial products, including digital gold, silver, mutual funds, UPI-based transactions, and insurance services. Users can register on the app using just their mobile number and can access the financial ecosystem seamlessly.
The platform had ambitious goals from the start. According to a statement made in September 2024 by Pankaj Gadgil, MD & CEO of Aditya Birla Housing Finance and the head of digital platforms at Aditya Birla Capital, the app had already onboarded over 1.2 million new users by August 2024. The long-term target is to acquire 30 million users over a three-year span.
Digital gold trading is one of the core services offered through the ABCD app, wherein users can buy gold in fractional quantities digitally. The gold is sourced from MMTC-PAMP, a government-approved vendor. While users can initiate purchases directly through their mobile number, the selling process is guarded by a one-time password (OTP) sent to their registered device. Despite this layered security, the recent hack proved that no digital system is completely immune to exploitation.
Market Reaction and Investor Confidence
Despite the alarming nature of the cyberattack, Aditya Birla Capital Ltd. shares demonstrated remarkable resilience. On the day the news broke, the stock was trading at ₹272.93—up 0.22% intraday—as of 11:28 AM. While the stock did experience a brief dip earlier in the trading session, it quickly stabilized, suggesting that investors were reassured by the company’s swift and transparent crisis response.
The company’s proactive steps—ranging from restoring customer funds to involving law enforcement and upgrading cybersecurity protocols—likely helped temper market volatility and maintained investor confidence in the short term.
Investigations Continue: A Wake-Up Call for Fintech Security
As investigations are still underway, authorities are working to track the hacker and uncover the full extent of the breach. Meanwhile, ABCD’s digital services, particularly digital gold trading, have resumed full operations with upgraded security protocols.
This incident serves as a stark reminder for the entire fintech industry. Even the most sophisticated digital platforms are susceptible to breaches if cyber threats are not continually monitored and mitigated. With increasing digitization and growing adoption of online financial tools, the importance of fortified cybersecurity infrastructure cannot be overstated.
Aditya Birla Capital’s experience underscores the urgent need for periodic security audits, AI-driven threat detection, real-time transaction monitoring, and collaboration with national cybersecurity bodies. The firm’s handling of the situation—marked by transparency, quick response, and restitution—may serve as a crisis management blueprint for others in the space.
Final Thoughts
As Aditya Birla Capital continues its mission to digitize financial services for millions across India, this incident will likely shape its cybersecurity posture for the foreseeable future. It’s a cautionary tale not only for financial institutions but also for users, who must remain vigilant and proactive in securing their digital assets.
While the app remains live and operational, and user balances have been restored, the shadow cast by the breach will linger—at least until those responsible are brought to justice. In the meantime, ABCD is doubling down on securing its infrastructure, reaffirming its commitment to user trust and platform integrity in an increasingly hostile digital world.
With inputs from agencies
Image Source: Multiple agencies
© Copyright 2025. All Rights Reserved Powered by Vygr Media.
