₹1,000 Cr online scam: CBI exposes China linked cyber fraud syndicate

The Central Bureau of Investigation (CBI) has filed a chargesheet against 17 individuals, including four Chinese nationals, and 58 companies for their alleged involvement in a transnational cyber fraud network that siphoned off more than ₹1,000 crore from unsuspecting victims across India, officials said on Sunday.

According to the agency, the racket operated as a single, tightly coordinated syndicate that relied on a sophisticated digital and financial infrastructure to execute multiple online scams. These included misleading instant loan offers, fake investment and trading platforms, Ponzi and multi-level marketing schemes, fraudulent part-time job advertisements and rigged online gaming operations.

The investigation revealed that the proceeds of crime were systematically laundered through a web of 111 shell companies and hundreds of mule bank accounts. Around ₹1,000 crore was routed through these accounts, with one account alone receiving more than ₹152 crore within a short period, investigators said. The shell firms were allegedly floated using dummy directors, forged or misleading documents, fake addresses and false declarations of business activity.

“These shell entities were primarily used to open bank and merchant accounts with multiple payment gateways, allowing rapid layering, movement and diversion of illicit funds,” a CBI spokesperson said, adding that this structure helped the accused conceal the source of money and evade scrutiny.

The agency traced the origins of the scam network to 2020, when online activity surged during the COVID-19 pandemic. The shell companies were allegedly incorporated at the behest of four Chinese nationals Zou Yi, Huan Liu, Weijian Liu and Guanhua Wang who investigators say acted as the principal handlers and masterminds of the operation .

Indian associates played a key operational role by procuring identity documents of unsuspecting individuals. These documents were then misused to set up shell companies and open mule accounts, which became conduits for laundering the proceeds generated through the various digital frauds.

The probe uncovered communication trails and technical evidence pointing to foreign control of the network. In a significant finding, investigators detected a UPI ID linked to the bank accounts of two Indian accused operating from a foreign location as late as August 2025, indicating continued real-time oversight and operational control from outside India.

The chargesheet details a highly layered, technology-driven modus operandi. Victims were lured through Google advertisements, bulk SMS campaigns and SIM box-based messaging systems. Funds collected were routed through fintech platforms, cloud-based infrastructure and multiple bank accounts to break the money trail and obscure the identities of the ultimate beneficiaries.

“Every stage of the operation from targeting victims to collecting and moving funds was deliberately structured to mask the controllers of the network and frustrate law enforcement efforts,” the spokesperson said.

The case was registered following inputs from the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs, which flagged a pattern of large-scale cheating through online investment and employment schemes. Initial arrests were made in October, after which the CBI widened the probe.

Subsequent searches were conducted at 27 locations across Karnataka, Tamil Nadu, Kerala, Andhra Pradesh, Jharkhand and Haryana. Digital devices, documents and financial records seized during these raids were subjected to detailed forensic analysis, which investigators say helped establish the scale, structure and international linkages of the fraud network.