₹1.49 Crore Looted from Indian E-Commerce Wallet via OTP Loophole

Two Warehouse Employees Arrested for Exploiting OTP Loophole to Siphon ₹1.49 Crore from Company Wallet

A major case of internal fraud came to light on May 1, 2026, in the e-commerce industry, where two employees exploited their deep understanding of the company’s system to siphon off ₹1.49 crore from its digital wallet.

• The operation was meticulously planned and executed primarily during late-night hours, evading immediate suspicion.
• Rahul Kushwaha and Vishal Kannaujia, both employees at the company’s warehouse, were identified as the masterminds behind the fraud.
• Their intimate knowledge of the company’s digital infrastructure and transaction processes allowed them to manipulate the system undetected for several months.
• The accused specifically targeted the One-Time Password (OTP) authentication system to execute unauthorized transactions.

The OTPs were typically sent to official accounts of company authorities. However, the accused carried out transactions late at night when officials were unlikely to notice. By the time daily data synchronization occurred the next morning, OTP alerts had been pushed far back, delaying detection.

Sophisticated Money Laundering Scheme

Further investigation revealed a sophisticated money laundering scheme designed to avoid suspicion. The siphoned funds were initially transferred to bank accounts of relatives and acquaintances.

• These funds were then gradually routed to the personal accounts of the accused’s close contacts.
• Vishal Kannaujia alone transferred approximately ₹40 lakh to his wife Jyoti’s account and ₹38 lakh to his girlfriend’s account.

Over a period of six months, the accused embezzled a total of ₹1.49 crore using this method. The illegally acquired money was used to purchase a plot in Kanpur Dehat, an old car, and to establish a restaurant named “Foody Junction” in the Kakadeo area.

About Author

Vaibhav

See author's posts