/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130344212z-iw-new.png)
/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130332454z-iw-new.jpg)
/industry-wired/media/media_files/2025/09/25/a-local-firm-in-hyderabads-hitec-city-witnesses-cybercrime-loses-rs-139-crore-to-hackers-2025-09-25-16-33-32.jpg)
/industry-wired/media/member_avatars/2025/08/14/2025-08-14t104612158z-img-20230601-wa0271-1-2025-08-14-16-16-23.jpg)
Exploiting APIs, Hackers Breached a Hyderabad-Based Fintech Firm’s Servers to Steal Rs. 1.39 Crore
A shocking cybercrime incident in Hyderabad’s HITEC City has raised serious concerns over Fintech security. Hackers exploited the local firm’s Application Programming Interface (API) to steal Rs. 1.39 crores. The company is known to develop fintech applications related to bill payments, educational transactions, and rentals. The fintech firm located the server breach on 15 September 2025.
How Did the Hackers Manage to Breach the Server Infrastructure?
After an investigation, the company learned that the cybercriminals did not interfere with its customer database. Instead, they penetrated the server infrastructure and exploited it to send API requests to the firm’s partner banks.
The hackers sent fraudulent API calls that appeared to be legitimate fund transfer requests made by the company and transferred Rs. 1,39,95,215 crore to several bank accounts. During the investigation, the officials also found that cybercriminals whitelisted specific IP addresses to access restricted networks and make these unethical transactions appear legitimate. The investigators said that this significantly increases the difficulty of identifying the theft.
Cybercrime Investigation is Under Way
As soon as the cybercrime was discovered, the company’s CEO filed a complaint at Cyberbad Cybercrime Police Station. Digital forensic experts have initiated their probe to locate the attack trail and are trying to track down the end recipients of these funds. Officials noted that though the company’s core data repository remained unaffected, server-side exploitation still occurred, showing that even secure systems are susceptible to vulnerabilities.
Experts have pointed out a growing trend of API-driven cyberattacks and advised firms to take additional precautions to safeguard essential data and resources. Authorities have advised firms to monitor server activity with the latest anomaly detection systems regularly, perform continuous penetration, and conduct red-team exercises.
The private firms are also directed to frequently review IP whitelisting practices and use multi-layer authentication for API transactions. This cybercrime incident in the HITEC city of Hyderabad reminds us that hackers can exploit any loopholes in the system to fulfil their goals. Therefore, adhering to the most advanced security measures is mandatory to bypass cybercrime risks.