More than 500 bank and wallet accounts were used to siphon approximately Rs 33.95 million from F1Soft International Pvt. Ltd.’s account at Citizens Bank International, according to the Cyber Bureau of Nepal Police.  

A month-long investigation revealed that hackers from abroad exploited system vulnerabilities to orchestrate the theft.  

The funds, withdrawn illegally, were funneled through over 500 accounts. Police have filed a chargesheet at the Kathmandu District Court against 24 individuals, identified as the first-tier recipients of the funds, for fraud through electronic means. Among them, 15 suspects remain at large.  

Read: Central Bank Highlights Rapid Growth in Online Financial Crimes

F1Soft filed a complaint with the Cyber Bureau on October 6, 2024, alleging that hackers had repeatedly withdrawn Rs 35.15 million from its account between October 1 and October 4. The complaint was lodged by Dhiraj Kumar Bhujel on behalf of the company.  

According to the police, the accused admitted to being lured by promises of money and jobs. Hackers reportedly offered online job opportunities and instructed individuals to open bank accounts, which were then used for transactions in exchange for commissions.  

F1Soft International is a leading provider of digital financial services to banks in Nepal. The company is also the developer of established digital payment platforms such as eSewa and PhonePay.  

Kathmandu Police Requests People to be Cautious about Online Payment Frauds   

Stakeholders have raised alarm over the rising vulnerability of Nepal’s financial sector to cyberattacks. While globally, the military, finance, and business sectors are the primary targets, Nepal’s banking and e-commerce sectors have emerged as the most at risk, they say.  

In November last year, a report by Nepal Rastra Bank (NRB) warned of increasing cyber-enabled financial fraud cases, identifying students and youth aged 19–30 as the most frequent offenders.  

The Strategic Analysis Report 2024 by NRB’s Financial Intelligence Unit (FIU) revealed that 63% of suspicious transaction reports (STRs) submitted to FIU by May 31, 2024 were related to cyber fraud. 

Read: Nepal’s Financial Sector Increasingly Vulnerable to Cyberattacks, Stakeholders Warn

Fraudsters commonly exploit digital platforms using tactics like fake lotteries, gift offers, and parcel scams. They also create fake social media profiles to solicit money and use one-time passwords (OTPs) and other digital tools to gain access to accounts. The report found that most fraudulent activities occur within three months of opening a bank account, highlighting that newly opened accounts are a frequent target.  

To combat these crimes, the report recommended introducing a cooling-off period for new accounts, imposing transaction limits during an account’s initial months, and ensuring mobile numbers used for digital banking services are registered under the name of the account holder or their immediate family members.  

(The news has been updated for clarity.)