Background and Timeline

In early January 2026, the Delhi Police’s East District, as part of ‘Operation Cyber Hawk,’ dismantled a sophisticated inter-state cybercrime syndicate operating across Delhi, Moradabad, and Bareilly. The investigation was triggered by a complaint from a Tamil Nadu resident who reported a fraudulent deduction of ₹6,000 from her bank account in September 2025. This seemingly minor incident unraveled a sprawling network of cybercriminals exploiting banking loopholes and digital platforms to siphon funds nationwide.

Modus Operandi

The syndicate specialized in creating and managing “mule” bank accounts—accounts opened in the names of unsuspecting or complicit individuals, often for a small fee. These accounts served as conduits for laundering proceeds from various cybercrimes. The criminals used WhatsApp, Telegram, and custom SMS forwarder APKs to remotely control these accounts and intercept one-time passwords (OTPs), effectively bypassing standard banking security. Once funds were deposited into mule accounts, they were rapidly layered through multiple accounts and ultimately converted into USDT cryptocurrency via platforms like KuCoin and Binance, making the money trail difficult to trace.

Victims and Financial Impact

The operation uncovered 85 mule bank accounts linked to over 600 complaints on the National Cybercrime Reporting Portal (NCRP). Suspicious transactions totaling ₹15 crore were identified, with ₹4.7 lakh in cash seized during the crackdown. The syndicate’s reach extended across several states, impacting hundreds of victims, many of whom are still being notified and assisted by authorities.

Investigation and Agencies Involved

The investigation involved meticulous analysis of bank statements, internet banking logs, and IP addresses. The Delhi Police coordinated with the Indian Cyber Crime Coordination Centre (I4C) and leveraged NCRP data to map the syndicate’s operations. Eight individuals were arrested from Delhi, Ghaziabad, Moradabad, Bareilly, Rampur, and Maharashtra. The probe also revealed links to China-based handlers who orchestrated the laundering process remotely, using Telegram channels like “Apay-JS” to manage logistics and communications.

Arrests and Suspects

Eight accused, including Mohd Wasim and Toseen (account procurers), Sabir, Furqan, Sahibe Alam (crypto handlers), Javed (APK manager), Raza Qadri (major distributor), and Noor Md (facilitator), were apprehended. Each played a distinct role, from sourcing account holders to managing technical aspects of the fraud. The investigation remains active, with efforts underway to trace additional victims and international collaborators.

Broader Implications and Trends

This case exemplifies the growing sophistication of cybercrime syndicates in India, particularly their use of mule accounts, e-KYC bypass techniques, and cryptocurrency for laundering. The international dimension—specifically the involvement of China-based operators—underscores the need for cross-border law enforcement cooperation. The case also highlights the importance of robust KYC protocols, advanced transaction monitoring, and public awareness to combat such threats.