₹3,000 Crore MP–Nuh Cyber Fraud Network Exposed

Haryana’s Nuh district, already under the scanner after links emerged to the 10/11 Delhi blast case, has now been flagged as the operational core of what investigators describe as Madhya Pradesh’s biggest-ever inter-state cybercrime and suspected terror funding network.

According to Madhya Pradesh Police, an elaborate system of fake SIM cards and mule bank accounts spread across the Vindhya and Mahakoshal regions of the state was quietly funnelling money into the hands of cybercriminals and, potentially, actors involved in terror financing.

How Mule Accounts in MP Fed a Pan-India Fraud

Investigators say the network leaned heavily on “mule” bank accounts—accounts opened in the names of ordinary citizens, mostly from low-income backgrounds, whose credentials were misused or bought for small commissions.

• Over 1,000 bank accounts belonging to residents of Madhya Pradesh’s Vindhya and Mahakoshal region have been identified as conduits for cybercrime proceeds.
• These accounts were used to park, layer and move money generated from online frauds across India.
• Many account holders were reportedly lured with promises of government benefits or easy income, only to find massive transactions passing through accounts they barely used themselves.

Earlier probes in districts such as Satna and Sidhi had already exposed how organised rackets were opening accounts in the names of security guards, labourers and other vulnerable groups, then retaining control of phone numbers and net-banking credentials to resell these accounts to cybercriminals.

Nuh’s Illegal Call Centres at the Core

As the Madhya Pradesh cybercrime unit followed the money trail, they say the mastermind layer of the racket led consistently to Nuh in Haryana.

According to officials:

• An illegal call centre operated from a flat in Gurugram was used to dial targets across India, posing as officials, customer support agents or representatives of financial platforms.
• SIM cards were sourced from multiple states, including Madhya Pradesh, and transported through intermediaries in Patna, Bihar, before reaching key operators in Nuh.
• These SIMs, often obtained through forged documents or compromised retail outlets, formed the communication backbone of the fraud.

The operation did not stop at SIM cards and bank accounts. Investigators also point to the use of shell companies registered in Hyderabad and parts of Maharashtra to move funds through additional layers, making the trail harder to follow.

The ₹3,000 Crore Money Trail and a Terror Funding Angle

Police estimate that more than ₹3,000 crore has moved through this ecosystem of mule accounts and shell entities over the last few years.

A senior Madhya Pradesh police officer, quoted in national media, said the inflows included:

• Proceeds of large-scale cyber frauds committed across multiple states
• Religious charity funds diverted or misdirected
• Money from unexplained sources suspected of being linked to terror financing

A portion of these funds is believed to have been routed to the Middle East, raising concerns that the same channels used to launder cybercrime proceeds are being repurposed to support extremist activities.

This latest revelation comes on the heels of earlier reports that Nuh was already under scrutiny as a base for a so-called “white-collar” terror module connected with the Delhi blast case, strengthening the view that financial crime and national security risks are converging in the region.

Arrests So Far—and the Hunt for Masterminds

Over the past 11 months, more than 25 individuals from Madhya Pradesh, Haryana and Bihar have been arrested and charge-sheeted in connection with the network.

Those arrested so far are largely:

• Local operators who helped open or manage mule accounts
• Middle-level coordinators involved in SIM procurement and movement
• Call centre staff who directly interacted with victims

Investigators describe these arrests as “the foot soldiers layer.” With the base of the pyramid now documented in charge sheets, police say the focus is shifting to the command structure in Nuh—the handlers who designed the financial flows, secured overseas links and orchestrated the use of shell firms.

From Jamtara to Nuh – How Cybercrime Hotspots Shift

For years, Jamtara in Jharkhand was a byword for phone-based financial scams. Crackdowns there and in parts of West Bengal appear to have pushed cybercriminals to newer geographies.

According to Madhya Pradesh’s cybercrime officials:

• Nuh and adjoining districts in Rajasthan have now evolved into significant cybercrime hubs, specialising in online cheating, sextortion, investment scams and digital impersonation.
• Simultaneously, districts like Sidhi, Satna, Rewa and other pockets of MP have become fertile ground for mule accounts and fake SIM distribution, feeding demand from more sophisticated crime centres.

In essence, the MP–Nuh nexus reflects a broader national pattern: as enforcement tightens in one hotspot, organised groups migrate operations to new, often more vulnerable, locations.

Why This Matters for Banks, Fintechs and Everyday Users

The investigation lays bare how small structural weaknesses in KYC, telecom onboarding and digital literacy can be exploited at massive scale.

For banks and payment firms, the case underlines:

• The risk of mass-opened low-value accounts with common introducers or agents
• The importance of behavioural analytics to flag accounts that suddenly start routing high-value, multi-state transactions
• The need to align with cyber-crime coordination platforms and promptly respond to law enforcement alerts on suspicious accounts and devices

For telecom providers and PoS agents, fake or weakly verified SIM issuance continues to be a major vulnerability, allowing call centres and fraudsters to pivot identities quickly and at scale.

For individuals, the dangers are two-fold:

1. You can be defrauded as a victim of cybercrime.
2. You can also become an unwitting accomplice if you rent out your bank account or agree to “help” someone receive money for a commission.

Being associated with a mule account can lead to criminal proceedings, frozen accounts and long-term compliance flags—even if you did not mastermind the fraud.

Shunyatax Global View – Compliance, Forensics and Risk Strategy

At Shunyatax Global, analysts see the MP–Nuh probe as a textbook case of how low-friction digital rails, patchy field-level KYC enforcement and the emergence of specialised regional crime hubs can combine into a high-velocity financial crime and potential terror funding pipeline.

For banks, NBFCs, fintechs and corporates, this raises urgent strategic questions:

• Are your onboarding and monitoring systems able to detect mule-like behaviour early?
• Do you have a playbook for rapid response when law enforcement flags an account or device?
• How exposed are you to SIM-swap, compromised account and synthetic identity risks in high-risk geographies?

Shunyatax Global supports institutions with:

• Cyber-financial risk assessments focused on mule accounts and SIM-linked fraud
• Forensic transaction reviews to isolate suspect flows and counterparties
• Regulatory and law-enforcement liaison support to help navigate complex multi-state investigations

Shunyatax Cyber Risk Advisory & Compliance Services

As India’s digital economy deepens, the line between routine cyber fraud and national-security-relevant finance is blurring. The MP–Nuh investigation shows how quickly localised scams can evolve into cross-border pipelines.

If your organisation handles payments, customer data or digital onboarding, this is the moment to stress-test your controls.

Visit Shunyatax Global Services to:

• Request a confidential risk review of your exposure to mule accounts and SIM-linked fraud
• Explore advisory and forensic services tailored to regulated entities
• Stay updated via the Shunyatax News & Insights column on global financial crime trends