ED uncovers ₹285 crore fraud using fake apps, multilayered bank accounts, and crypto routes

India’s Enforcement Directorate (ED) has raised its investigation into a nationwide cyber-fraud operation after identifying a large money-laundering network that routed criminal proceeds through traditional banking channels and cryptocurrency platforms.

The agency’s Hyderabad Zonal Office has attached ₹8.46 crore held across 92 bank accounts, including financial balances connected to CoinDCX and a selection of crypto wallets. Officials report that the case is tied to a broader scheme involving fake mobile apps, fraudulent e-commerce platforms, and misleading investment programs that allegedly collected ₹285 crore from victims across multiple states.

Fraud network built around fake job and investment apps

The case was initiated after Kadapa Police filed several First Information Reports in pursuance of Section 420 of the Indian Penal Code and Section 66-C and 66-D of the Information Technology Act. As the ED continued with the investigation, investigators discovered that other areas had also complained of the same issue, indicating that a well-organized operation was behind a series of applications, including the NBC App, Power Bank App, HPZ Token, RCC App, and other task-based earning tools.

According to the findings, scammers turned to WhatsApp and Telegram channels, where they recruited people, promising them commissions within a short time. Their approach included directing users to links that pretended to be legitimate service sites, where participants were given the task of undertaking simulated purchasing and selling of goods on the fabricated e-commerce websites.

Users were directed to transfer money into digital wallets associated with the apps before engaging in any activity, typically by transferring using a UPI linked to bank accounts and virtual payment addresses created by shell entities.

Victims routed into larger deposit cycles before losing access

According to investigators, the attackers initially used bank accounts to deposit small amounts of money, thereby gaining the trust of the victims. This trend motivated more targets to deposit more. As soon as the deposits swelled, withdrawals started to fail. Victims were then informed by communications teams working through messaging apps that they would need extra fees or taxes. Even after making those payments, users were unable to withdraw any funds.

Following that, websites became inaccessible, in-app balances disappeared, customer support channels were removed, and user accounts were deactivated. Some victims were also encouraged to recruit new participants under the promise of higher referral commissions, which would enable the fraud network to expand further.

The ED’s money-trail analysis shows that ₹285 crore in fraud proceeds circulated through more than 30 primary-layer bank accounts, each operational for short periods ranging from one to fifteen days. These accounts transferred funds to more than 80 secondary accounts to prevent early detection or freezing by banks. 

ED, Hyderabad Zonal Office, has provisionally attached bank balances amounting to Rs. 8.46 Crore spread across 92 bank accounts, including that of CoinDCX and a few crypto wallets, under PMLA, 2002 in connection with an ongoing investigation in large-scale cyber fraud committed… pic.twitter.com/6jaDzkbkub

— ED (@dir_ed) November 20, 2025

According to the investigators, the fraud network actively utilized the Binance peer-to-peer marketplace to purchase USDT (Tether). These acquisitions were made using third-party payments based on illicit deposits. The ED observed that sellers on WazirX, Buyhatke, and CoinDCX had acquired USDT at low prices and sold it on Binance P2P at a high price, with payments pegged to the proceeds of the crime.

A part, ₹4.81 crore, was allegedly exchanged into USDT using CoinDCX on non-KYC compliant accounts and transfers without verification by third parties.

If you're reading this, you’re already ahead. Stay there with our newsletter.