Hackers use finance app to steal millions in only half a day

1 min read

Chinese police have arrested nearly 100 suspects in over 30 Chinese provinces for stealing online funds. The case was opened when a hacker gang stole RMB 10.5 million in just half a day by attacking a finance app, The Paper reports (in Chinese). The Shanghai Xuhui District Public Security Bureau has announced that the Shanghai police have been investigating the case for the last six months and since then uncovered a series of thefts that led to the arrest suspects in over 30 Chinese provinces.

The case was opened on February 27th when a certain finance service company discovered that one of its apps’ software has been hacked and that RMB 10.5 million was stolen. After receiving the report, the police in Shanghai set up a task force to analyze the app’s data and the perpetrators’ modus operandi so that it can close off loopholes.

According to the investigation, the hacker used app vulnerabilities to fraudulently withdraw funds. The hacker then disseminated this method through the internet for others, making the vulnerability heavily exploited. During the attack, a total of 422 attempts were made to attack the accounts on the app out of which 269 resulted in successful withdrawals.

At the beginning of March, the police arrested their six main suspects in Anhui province after which the investigation expanded to include almost 100 people throughout the country. As of August 28th, the police managed to freeze over RMB 2.5 million of funds, recover over RMB 1.6 million.