The headquarters of the Bhavnagar District Co-operative Bank at Sahkar Bhavan in Gujarat’s Bhavnagar town was closed over the fourth weekend of February, just like any other weekend. But while the bank remained shut, fraudsters were carrying out a carefully planned cyber heist that would cost the bank more than Rs 7.34 crore.
Within minutes, the accused transferred Rs 7,34,91,682 into 127 different bank accounts after exploiting weaknesses in the bank’s Core Banking System (CBS). The fraud came to light only when the bank reopened on Monday.
Police have so far arrested six people, including one woman, from Ahmedabad, Surat and Mumbai as they unravel what investigators describe as a highly organised cybercrime planned over several months.
The Plot Began Six Months Earlier
According to investigators, the conspiracy began at least six months before the money was stolen. The gang allegedly sent a phishing email to a bank officer. The email appeared to come from a trusted third party or business vendor, increasing the chances that it would be opened. It contained a malicious attachment which secretly installed Trojan Horse malware on the bank’s computer system.
The malware quietly spread through the bank’s Core Banking System, giving the accused access to the bank’s software while remaining undetected. Police have not disclosed the subject of the email or the identity of the officer who received it, as the investigation is still in progress.
Four Accounts Chosen for the Fraud
Detective Inspector RB Vihol, the investigating officer, said the accused carefully selected one low-balance account each from four different branches of the bank.
The gang then changed the mobile phone numbers linked to these accounts. The new numbers were registered in northeastern states, including Mizoram, and were allegedly controlled by the accused themselves. This allowed them to receive transaction alerts and control banking activities linked to those accounts.
Ghost Entries Created Fake Balance
Once they gained access to the Core Banking System, the accused allegedly manipulated the software by creating ghost entries in the four selected accounts.
These fake entries showed a combined balance of Rs 7,34,91,682, even though no such money actually existed in those accounts. Using these fake balances, the accused carried out genuine fund transfers and moved the money into 127 different mule bank accounts.
A mule account is a bank account used to receive or transfer illegally obtained money on behalf of fraudsters, making it harder for investigators to trace the stolen funds.
Explaining the fraud, Detective Inspector Vihol said the accused manipulated the Core Banking System to create fake balances and then used those balances to transfer real money out of the bank.
Fraud Carried Out While Bank Was Closed
Bank officials said the accused deliberately chose a weekend to execute the fraud because there would be no staff present at the headquarters. Jitendrakumar K. Kevadiya, General Manager of the Bhavnagar District Co-operative Bank, said the fraud was made possible due to weaknesses in the bank’s cybersecurity.
“They hacked the system and due to deficiencies in the cybersecurity, they were able to make ghost entries and then transfer the amount, resulting in fraud. They did it on a weekend when nobody was at the bank. Most of the customers of our bank are farmers,” he said.
Internal Inquiry Before FIR
After discovering the fraud, the bank first conducted an internal investigation to understand how the cyberattack had taken place. Following this inquiry, an FIR was registered on March 11 by the CID (Crime), Gandhinagar, based on a complaint filed by a bank officer. The case was later transferred to the Cyber Centre of Excellence.
Police registered offences under multiple sections of the Bharatiya Nyaya Sanhita (BNS) along with provisions of the Information Technology Act.
Six Arrested in Three Cities
The investigation led police to several suspects across Gujarat and Maharashtra. On April 19, four accused were arrested:
Sushilkumar Vinodkumar Meghwal (32) from Ahmedabad
Rubina (31) from Ahmedabad
Adnan Usman Shaikh (24) from Ahmedabad
Kishor Prabhakar Pardeshi (43) from Mumbai
Nearly three months later, on July 3, police arrested two more accused from Surat: Mohammad Khaliq Gulam Hussain (40), and Shoaib Gulamnabi Rana (38).
With these arrests, the total number of accused held in the case has reached six. All are currently in judicial custody, and investigators are examining their backgrounds and how they came together to plan the cyber heist.
Core Banking System Shut Down
After the fraud was detected, the bank shut down its Core Banking System for eight days to conduct an internal inquiry and reconcile customer accounts.
Its mobile banking application and other online banking services remained suspended for an even longer period while security vulnerabilities were addressed.
Kevadiya said the bank also carried out a banking audit as required under government regulations, replaced all its servers and resumed operations only after completing the required security upgrades.
RBI and CERT-In Guided the Security Upgrade
The bank strengthened its cybersecurity based on recommendations from experts and government agencies. These included:
Auditors from the Reserve Bank of India (RBI)
Experts from CERT-In (Indian Computer Emergency Response Team) under the Union Ministry of Electronics and Information Technology
The Cyber Centre of Excellence of Gujarat Police
Their recommendations were implemented before banking services were fully restored.
Weak Banking Software Helped the Hack
According to investigators, the fraud succeeded because the bank’s Core Banking System had not been upgraded for several years and contained several security vulnerabilities.
Vivek Bheda, Superintendent of Police at the Gujarat Police’s Cyber Centre of Excellence, said the phishing email impersonated a business or vendor so that the recipient would open the attachment containing the malware.
Once installed, the malware worked silently in the background, infecting the bank’s Core Banking System and giving the accused access to its software.
Bheda also said the company providing the bank’s Core Banking System had been blacklisted by several other banks, and the accused took advantage of these weaknesses to execute the fraud.
Rs 2.04 Crore Frozen
Police have managed to freeze Rs 2.04 crore of the stolen Rs 7.34 crore by identifying and freezing some of the bank accounts used in the money trail. Efforts are continuing to trace and recover the remaining amount.
Bank to Shift to TCS Banking System
Following the cyberattack, the Bhavnagar District Co-operative Bank has decided to migrate to a new Core Banking System supported by Tata Consultancy Services (TCS).
Kevadiya said the agreement with TCS had already been signed before the cyber fraud took place, and the migration to the new system is expected to be completed by July 10.
Crores to Be Spent on Cybersecurity
The bank will spend an undisclosed amount running into several crores of rupees to strengthen its cybersecurity infrastructure and upgrade its banking software.
In addition, it will spend around Rs 30 lakh every month—approximately Rs 3.6 crore annually—on cybersecurity upgrades and software maintenance. Kevadiya said restoring customer confidence is the bank’s highest priority.
“That amount is not as important as restoring the reputation of this institution,” he said.
Reassuring Customers
Since the fraud came to light, senior bank officials, including the chairman and directors, have visited several talukas of Bhavnagar district to meet customers personally.
They assured customers that every effort is being made to strengthen the bank’s systems, improve cybersecurity and ensure that such an incident does not happen again.
Also Read: Ahmedabad 2008 Serial Blasts: Gujarat HC Upholds Death Sentences For 38, Life Terms For 11 https://www.vibesofindia.com/gujarat-high-court-upholds-death-penalty-38-convicts-2008-ahmedabad-serial-blasts/










