Operation Octopus 2.0 - Record 32 Bankers arrested by Hyderabad Police

Hyderabad City Police have arrested 52 individuals — including 32 bank officials — across nine states in a week-long operation that exposed a ₹150 crore fraud network. The operation, codenamed Operation Octopus 2.0, was led by DCP (Cybercrimes) V. Aravind Babu and ACP R.G. Siva Maruthi under the direction of Commissioner of Police V.C. Sajjanar.

The Scale of the Fraud

Investigators at the Cyber Crime Police Station (CCPS), Hyderabad, traced approximately ₹150 crore in fraudulent transactions across 350 bank accounts linked to roughly 850 criminal cases nationwide. The frauds ranged from investment scams and trading frauds to the increasingly common “digital arrest” scheme, where victims are intimidated over video calls by callers impersonating law enforcement officers from agencies like the CBI, Customs, or the Enforcement Directorate.

To execute the operation, 16 special teams of seasoned investigators were deployed simultaneously across Maharashtra, Delhi, Rajasthan, West Bengal, Karnataka, Gujarat, Andhra Pradesh, Telangana, and Bihar. Each team was led by an Inspector-rank officer and coordinated closely with local law enforcement.

The teams recovered 26 mobile phones used to manage banking apps and intercept OTPs, 14 chequebooks (many pre-signed for rapid fund withdrawal), two pen drives, one laptop, and stamps belonging to 21 shell companies. These shell company documents and stamps were the tools used to manufacture corporate legitimacy — allowing fraudsters to open high-limit current accounts that face less scrutiny than personal savings accounts.

The Role of Bank Officials

The most alarming finding of Operation Octopus 2.0 is the scale of complicity within the banking system. Of the 52 people arrested, 32 are bank officials — managers, KYC verifiers, relationship managers, field officers, and clerks. Their involvement was not passive; they actively facilitated the opening and operation of “mule accounts” that served as the primary financial pipeline for cybercriminals.

Bank	Arrests	Roles of Officials Arrested
AU Small Finance Bank	02	KYC Approver, Relationship Manager
Bandhan Bank	05	Branch Managers
Bank of Baroda	05	Managers, Probationary Officer, KYC Approver
Federal Bank	04	Managers, KYC Approver, Clerk
IDFC First Bank	04	Managers, KYC Approver
IndusInd Bank	06	Field Officer, KYC Approver, Managers
Karnataka Bank	02	Managers
Karur Vysya Bank	02	Managers
Equitas Small Finance Bank	01	Relationship Manager
HDFC Bank	01	KYC Approver

What Other States Should Learn from Hyderabad’s Approach

Operation Octopus 2.0 offers a practical blueprint for other states grappling with the explosion of cyber-financial crime. Several lessons stand out.

First, go after the infrastructure, not just the operators. Most cybercrime enforcement in India still focuses on arresting end-level fraudsters and mule account holders. Hyderabad’s decision to target bank officials — the people who build the financial rails — strikes at the system’s foundation. Without complicit insiders, the mule account pipeline dries up.

Second, coordinate across state lines from the outset. Cybercrime networks treat state borders as irrelevant. The Hyderabad model — deploying 16 teams across nine states simultaneously — prevented suspects from being tipped off by sequential, state-by-state raids. This requires advance coordination with local law enforcement agencies and a unified command structure, but it produces results that isolated local operations cannot match.

Third, hold banks publicly accountable. By naming the banks whose employees were arrested and explicitly calling out systemic KYC failures in the private sector, the Hyderabad Police have created pressure that internal compliance audits alone have failed to generate. Other states should consider similar public disclosures when bank officials are found complicit.

Fourth, treat mule account holders as accomplices, not victims. The reclassification of citizens who rent out their accounts from “victims” to “legally liable accomplices” sends a deterrence signal that awareness campaigns alone cannot achieve. States that continue to treat account-lending as a minor offence will find it harder to cut the supply chain.

Fifth, invest in specialised cyber units with operational autonomy. The CCPS Hyderabad’s ability to plan, resource, and execute a multi-state operation of this scale reflects years of institutional investment in specialised cyber policing. States that still rely on generalist police forces to handle cybercrime will continue to fall behind.

Finally, the RBI and banking regulators must take note.

When 32 officials across ten banks are found complicit in a single investigation, the problem has gone beyond individual misconduct. It points to gaps in regulatory oversight, weak internal controls, and a culture that treats compliance as a box-ticking exercise. Stricter supervisory action, heavier penalties for KYC violations, and mandatory reporting of suspicious account-opening patterns are urgently needed.

********