Navi Technologies, the fintech startup founded by Flipkart co-founder Sachin Bansal, suffered a significant financial loss of Rs.14 crore in December 2024. Scammers exploited a vulnerability in the company’s payment system, prompting an investigation by the Whitefield Cyber Crime Police in Bengaluru.
How the Scam Happened
The scam occurred over a 14-day period in December, during which Navi Technologies allowed customers to make payments through a third-party payment gateway (TPAP) on its app. While customers could use the app for services like mobile recharges and EMI payments, a bug in the system made it possible for fraudsters to manipulate the payment process.
Here’s how the fraud was executed:
- Initiating Payment: The customer would initiate a transaction on the Navi app, selecting an amount such as Rs.500 or Rs.1,000.
- Exploiting the Bug: After initiating the payment, scammers accessed the TPAP gateway and edited the payable amount to Re 1—an option that should not have been available after initiating the process.
- System Glitch: The system recorded the edited payment as successful for Re 1, while Navi Technologies was charged the original amount selected by the user.
This loophole allowed the fraudsters to siphon off Rs.14.26 crore from the startup during the period.
Investigation Underway
The Whitefield Cyber Crime Police have registered a case and launched an investigation into the incident. While the fraudsters remain unidentified, vigilance officer Srinivas Gowda from Navi Technologies confirmed the scam details.
About Navi Technologies
Founded by Sachin Bansal in 2018, Navi Technologies specializes in digital financial services, including lending, insurance, and investments. The company has gained a reputation for innovative fintech solutions but has now been forced to address vulnerabilities in its systems.
Bansal, known for his disciplined work ethic, has previously stated that Navi operates as a 100% work-from-office company, rejecting the remote work trend.
Lessons from the Incident
This scam highlights the importance of rigorous system testing and continuous monitoring in fintech operations. Cybersecurity experts stress the need for companies to address potential vulnerabilities proactively, especially when handling large-scale financial transactions.
What’s Next?
The ongoing investigation aims to identify the fraudsters and recover the stolen funds. Meanwhile, Navi Technologies is expected to strengthen its security systems to prevent similar incidents in the future.
