Operation Octopus 2.0: Hyderabad Police bust ₹150 crore mule-account racket, arrest 52 across nine states

Hyderabad City Police have dismantled a nationwide mule-account network allegedly used to launder proceeds of cyber fraud, arresting 52 accused—among them 32 bank officials—in coordinated raids across nine states. Codenamed Operation Octopus 2.0, the crackdown is linked to around 850 cases involving fraud worth about ₹150 crore.

Investigators said the probe uncovered a nexus between cybercriminals and bank employees who allegedly opened and operated “mule accounts” by bypassing mandatory KYC norms. Those arrested include 32 officials from multiple banks, 15 mule account holders who allowed their accounts to be used for illegal transactions, and five middlemen or aggregators who sourced and managed these accounts.

According to officials, the accounts were used to funnel money from fake investment schemes, online trading frauds, and so-called “digital arrest” scams in which victims were coerced into transferring funds. The operation was led by Cyber Crime DCP V. Aravind Babu and ACP R.G.

Siva Maruthi under the supervision of Commissioner V. C. Sajjanar. Police conducted simultaneous, intelligence-based raids in Maharashtra, Delhi, Rajasthan, West Bengal, Karnataka, Gujarat, Bihar, Andhra Pradesh and Telangana, coordinating with local authorities for targeted arrests.

The Cyber Crime Police Station (CCPS), Hyderabad, identified nearly 350 bank accounts used to divert stolen money, which are linked to around 850 cybercrime cases across India. Officials said the scale and coordination indicate an organised, multi-layered network with nationwide reach.

Employees from several banks were found complicit in facilitating fraudulent transactions. The accused include managers, relationship managers, KYC approvers, field officers and clerical staff, which officials said highlights systemic lapses in compliance. Police said they seized incriminating material during the raids that is expected to help trace the larger network and identify key masterminds.

Operation Octopus 2.0 builds on Operation Octopus-1, conducted in February 2026 across 16 states, which resulted in 117 arrests. The latest phase specifically targeted bank insiders alleged to be enabling cybercrime ecosystems. Reiterating a zero-tolerance approach to cybercrime, Commissioner V.

C. Sajjanar stated that negligence or complicity by bank officials will not be tolerated and warned that all those involved, regardless of position, will face strict legal action. Authorities also pointed to serious lapses in KYC verification, particularly in some private sector banks, which have been exploited by cybercriminals to create mule accounts.

Police issued an advisory urging the public to be cautious of “guaranteed returns” or unsolicited trading tips on messaging platforms and to verify investment platforms with the Securities and Exchange Board of India. They emphasised that no law enforcement agency conducts arrests via video calls or demands money transfers and advised people to disconnect such calls immediately.

Citizens were also told not to share OTPs or install remote-access apps at the request of unknown persons, and warned that allowing one’s bank account to be used for transactions can make the account holder legally liable.

Victims of cyber fraud were advised to report cases promptly via the National Cyber Crime Reporting Portal or at the nearest cybercrime police station; officials said reporting within the “golden hour” of 1–2 hours significantly improves the chances of freezing stolen funds.

Hyderabad Police said Operation Octopus will continue as an ongoing nationwide effort to dismantle organised cyber fraud syndicates and strengthen the country’s digital safety.