Skip to Content
Add Network with Us — Join Membership


TGCSB Takes Over ₹1,000 Crore Mule Account Fraud Probe in Telangana

A Special Investigation Team will examine an alleged network that recruited unemployed people and labourers to open bank accounts later used for cybercrime transactions.
July 17, 2026 by
TGCSB Takes Over ₹1,000 Crore Mule Account Fraud Probe in Telangana
Administrator

The Telangana Cyber Security Bureau (TGCSB) has taken over the investigation of two major cybercrime cases involving an alleged mule bank account network through which more than ₹1,000 crore in suspected proceeds was reportedly routed.

The cases were transferred from V.M. Banjara Police Station and Sathupalli Police Station following directions from the Telangana Director General of Police and a request from Khammam Police Commissioner Sunil Dutt.

The cybercrime bureau has constituted a Special Investigation Team (SIT) under Deputy Superintendent of Police K.V.M. Prasad and re-registered the cases for a wider investigation.

Complaint Over Job Promise Exposed Alleged Network

The investigation reportedly began with a complaint filed on 24 December 2024 by Modugu Sai Kiran, a resident of Thumburu village in Sathupalli mandal.

According to the complaint, he was promised employment in 2022 and persuaded to open bank accounts that were later allegedly used to receive and transfer proceeds linked to cybercrime.

Investigators allege that the network operated between 2021 and 2025, targeting:

  • Unemployed graduates
  • Daily-wage labourers
  • Job seekers
  • Small business owners
  • Financially vulnerable individuals

The individuals were reportedly approached with promises of jobs, business opportunities, commissions or easy income.

Bank Accounts Allegedly Purchased for Small Payments

According to police, once the bank accounts were opened, members of the alleged network collected control over them by obtaining:

  • Debit cards
  • Cheque books
  • Internet banking credentials
  • Registered mobile numbers
  • Account documents

Account holders were allegedly paid between ₹3,000 and ₹10,000, depending on whether they opened a savings account or current account.

In many cases, the individuals whose names appeared on the accounts may not have controlled the subsequent transactions.

What Is a Mule Bank Account?

A mule account is a bank account used to receive, transfer or withdraw money generated through fraud or other unlawful activity.

Such accounts may be opened:

  • By individuals knowingly assisting criminals
  • Through false employment offers
  • In the names of unsuspecting people
  • Using fabricated businesses
  • Through irregular KYC processes

Cybercrime networks use multiple accounts to divide and layer transactions, making it difficult to identify the original fraud and final beneficiary.

Funds Allegedly Layered Through Multiple Accounts

Investigators allege that money entering the accounts was transferred through several linked mule accounts before being:

  • Withdrawn in cash
  • Moved to other states
  • Converted into cryptocurrency
  • Transferred through payment gateways
  • Settled with overseas operators

This layering process allegedly concealed the source and destination of the funds while increasing the complexity of the financial trail.

Call Centres Allegedly Operated in India and Cambodia

According to investigators, the alleged network had associations with call centres operating from:

  • Hyderabad
  • Cambodia

These centres reportedly worked with international cybercrime operators and targeted victims across India.

The alleged fraud methods included:

  • Matrimonial scams
  • Reward-point fraud
  • Online gaming schemes
  • Betting platforms
  • Stock market investment fraud
  • Cryptocurrency trading scams

The TGCSB is examining whether the bank account network was providing payment and settlement support to multiple independent cybercrime operations.

Twenty Arrests Reported

Police first arrested key accused Potru Praveen in December 2024.

A coordinated operation conducted on 11 January 2026 reportedly resulted in the arrest of 18 additional individuals.

Investigators later detained alleged principal accused Udatneni Vikas Choudhary, taking the total number of reported arrests to 20.

Several other accused were reportedly absconding at an earlier stage of the investigation.

All allegations against the accused remain subject to investigation and judicial determination.

Earlier Transactions Totalled ₹547 Crore

Before the cases were transferred to the TGCSB, investigators had reportedly traced transactions of approximately:

  • ₹547 crore

The latest investigation indicates that the combined value of transactions connected with the two re-registered cases may exceed:

  • ₹1,000 crore

The final amount will depend on the reconciliation of bank statements, cryptocurrency transactions, payment gateway records and other financial evidence.

Parallel Complaint Involves Alleged IT Company

A separate case registered at V.M. Banjara Police Station reportedly involves the same core group.

An unemployed graduate alleged that between 2022 and 2024, he was persuaded to open accounts with:

  • HDFC Bank
  • South Indian Bank

The accounts were allegedly opened on the representation that they would be used for an IT company and a business identified as Extrika Solutions.

The complainant later discovered that the accounts were allegedly being used for transactions connected with cybercrime.

Business Accounts Also Allegedly Misused

Another complainant, described as a businessman, reportedly claimed he was persuaded to open current accounts for an interior decoration venture in 2021.

In 2025, he was allegedly asked to open another account for a proposed payment gateway business.

Investigators are examining whether fabricated commercial explanations were systematically used to obtain current accounts with higher transaction limits.

Shell Entities and Payment Gateways Under Examination

The SIT is expected to investigate suspected businesses and entities created or used to process fraudulent transactions.

The examination may include:

  • Corporate registration documents
  • GST records
  • Bank account opening forms
  • Payment gateway agreements
  • Merchant identification numbers
  • Beneficial ownership details
  • Transaction limits
  • Mobile and email records

Investigators will assess whether any companies had genuine commercial operations or existed primarily to provide financial infrastructure for cybercrime.

Wider Telangana Crackdown on Mule Accounts

The latest investigation forms part of a broader crackdown on mule account networks in Telangana.

In a separate initiative known as Operation Crackdown 1.0, the TGCSB reportedly arrested 208 individuals connected with an alleged ₹100 crore mule account network.

Those arrested reportedly included:

  • Bank employees
  • Software engineers
  • Lecturers
  • Students
  • Other account holders and facilitators

That operation was linked to approximately 1,549 cybercrime FIRs across the state.

Bank Branches and KYC Gaps Under Scrutiny

Investigators reportedly identified 19 bank branches with more than 20 suspected mule accounts each in the earlier operation.

The recurring discovery of numerous mule accounts within particular branches has raised questions over:

  • Customer due diligence
  • KYC verification
  • Monitoring of unusual transactions
  • Current account onboarding
  • Detection of rapid fund movement
  • Internal bank controls

The involvement of bank employees in at least one earlier case has also led investigators to examine whether irregular account openings were facilitated from within financial institutions.

Cryptocurrency Trail Being Analysed

The TGCSB is expected to examine whether a portion of the funds was converted into cryptocurrency to facilitate cross-border settlement.

Investigators may seek information from:

  • Cryptocurrency exchanges
  • Virtual asset service providers
  • Wallet operators
  • Foreign enforcement agencies
  • Blockchain analytics companies

Blockchain records can sometimes help identify wallet movements, although establishing the individuals controlling those wallets may require additional digital and international evidence.

Experts Warn Against Sharing Bank Accounts

Cybercrime specialist and former IPS officer Prof. Triveni Singh has described mule accounts as a critical enabler of organised cybercrime.

Criminals rarely receive stolen funds directly into accounts held in their own names. Instead, they rely on layers of accounts belonging to other individuals.

People should never hand over:

  • ATM or debit cards
  • Cheque books
  • Internet banking credentials
  • OTPs
  • Registered SIM cards
  • Bank account access

A person who allows their account to be used for unknown transactions may face account freezing, police questioning and potential criminal proceedings, even if they were initially recruited through a job or commission offer.

Investigation Continues

The Special Investigation Team is now examining:

  • Bank records
  • Mobile devices
  • Digital communications
  • Shell companies
  • Cryptocurrency transactions
  • Payment gateway data
  • Interstate connections
  • Overseas links

The bureau is also working to identify additional account holders, facilitators, organisers and final financial beneficiaries.

Further arrests, account freezes and asset-tracing measures may follow as the investigation progresses.

Shunyatax Global Insight

Shunyatax Global says that mule accounts are not merely a banking compliance issue; they form the financial backbone of many organised cybercrime networks. Banks should use stronger behavioural monitoring to identify newly opened accounts receiving high-volume or rapidly layered transactions. Individuals must never open or surrender control of bank accounts in exchange for jobs, commissions or business promises, as the account holder may become the first person identified when investigators trace stolen funds.

in News
Share this post
Archive