Pune-based Cosmos Bank loses Rs 94 crore to hackers

A malware attack helped hackers clone thousands of debit cards and siphon off over ₹94 crore from Cosmos Bank over a period of two days.


Between 11 and 13 August, hackers originating from Canada extracted Rs 78 crore from ATMs across 28 countries, including Canada, Hong Kong and India. An additional Rs 13.92 was transferred to a Hong Kong-based account on 13 August.

Milind Kale, chairman of the Pune-based cooperative bank, said in a statement that the switch system for the payment gateways of Visa and Rupay debit cards was attacked by malware. However, he clarified that Cosmos’ core banking system was not affected, and that the bank has sought help from a cyber-forensic firm to investigate the hack.

Established in 1906, Cosmos Cooperative Bank is the second oldest and second largest bank in the country. The bank attained multi-state scheduled status in 1997.

In the wake of the disclosure, the National Payments Corporation of India (NPCI) stated that its systems are completely secure and pointed out that the breach occurred in the bank’s own IT environment.

The modus operandi

The bank got a whiff of the fraud after noticing an abnormal number of repeat transactions at various ATMs. The hackers were able to clone the debit cards and used a proxy switch system to approve around 15,000 transactions amounting to Rs 80.5 crore.

At the time of a debit card transaction, the core banking system receives a payment request on the ‘switching system’. The switching system, or payment gateway, is an intermediary entity which processes and subsequently authorizes payment requests made by a payment portal.

The proxy switch developed by the hackers enabled them to interact with the Visa and Rupay payment gateways to authorize the fraudulent transactions.
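As an added example (not part of the original report and not the bank's own tooling), the sketch below checks for the two signals this section describes: approvals issued by a switch that the core banking system never authorized, and an abnormal number of repeat transactions on one card. The record layout, the thresholds, the existence of a comparable core-banking authorization log and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the incident): approvals seen on the card
# network side, as (auth_id, card, atm_country, timestamp, amount).
NETWORK_APPROVALS = [
    ("A1", "card-001", "IN", "2024-01-01 15:00:05", 10000),
    ("A2", "card-002", "CA", "2024-01-01 15:00:10", 20000),
    ("A3", "card-002", "HK", "2024-01-01 15:01:30", 20000),
    ("A4", "card-002", "CA", "2024-01-01 15:02:45", 20000),
    ("A5", "card-002", "IN", "2024-01-01 15:04:00", 20000),
    ("A6", "card-003", "IN", "2024-01-01 18:30:00", 5000),
]
# Authorization ids the core banking system itself recorded (assumed log).
CORE_BANKING_AUTHS = {"A1", "A6"}

def unmatched_approvals(approvals, core_auths):
    """Approvals the network saw that core banking has no record of."""
    return [a[0] for a in approvals if a[0] not in core_auths]

def repeat_withdrawals(approvals, window=timedelta(minutes=10), limit=3):
    """Cards with more than `limit` approvals inside any sliding window."""
    by_card = defaultdict(list)
    for _, card, country, ts, _ in approvals:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_card[card].append((when, country))
    flagged = {}
    for card, events in by_card.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count > limit:
                countries = sorted({c for _, c in events[start:end + 1]})
                flagged[card] = {"count": count, "countries": countries}
    return flagged

if __name__ == "__main__":
    print("no core-banking record:",
          unmatched_approvals(NETWORK_APPROVALS, CORE_BANKING_AUTHS))
    print("repeat withdrawals:", repeat_withdrawals(NETWORK_APPROVALS))
```
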

TOI reported that Visa officials alerted the bank's system admins about the suspicious transactions, following which the bank stopped ATM services of Visa.

Additionally, it has been reported that the Lazarus group might have been responsible for the attack. Lazarus, a hacking group that began its run in 2009, was responsible for the $81 million Bangladesh banking heist and the 2014 attack on Sony Pictures.