“Hello… this is Divya speaking”—and a Rs 21 crore scam! Senior CA from Gwalior falls victim to a major crypto fraud
“Hello… this is Divya speaking” – this WhatsApp message marked the beginning of one of the country's largest cryptocurrency investment frauds. In this scam, a 70-year-old senior Chartered Accountant from Gwalior was swindled out of ₹21.06 crore. Furthermore, the fraudsters funneled this money through their network into thousands of bank accounts spread across the country.
Details of the case
The fraudsters targeted Ashok Vijayvargiya, a senior CA and Chief Returning Officer of the Madhya Pradesh Chamber of Commerce and Industries. According to the complaint, Vijayvargiya received a message from an Indian mobile number in December 2025. The woman who sent the message introduced herself as “Divya” and claimed to be an investment advisor. It is alleged that she told Vijayvargiya that investing in USDT Tether (a cryptocurrency pegged to the value of the US dollar) could yield massive profits in a short period.
While the initial conversation took place via an Indian mobile number, subsequent interactions occurred on other numbers, including +1 (516) 713-7291, which carries a US country code.
The fraudsters allegedly sent Vijayvargiya a link to an online trading portal and assisted him in creating an account. Once the account was activated, the portal displayed opportunities to invest in USDT, Bitcoin, and other digital assets. The fraudsters remained in constant contact via WhatsApp, guiding him through the investment process.
Initial investments were deliberately kept small
Initial investments were deliberately kept small. The portal showed that these investments were generating profits. However, whenever Vijayvargiya attempted to withdraw the alleged earnings, he was unable to do so; instead, demands for more money were made to facilitate the withdrawal.
It was then that Vijayvargiya realized the profits displayed on the portal likely never existed in the first place. According to reports, Vijayvargiya has handed over WhatsApp chats, screenshots of transactions, account statements, and details of multiple beneficiary accounts to the Cyber Cell.
Funds were routed through a complex banking network
Preliminary investigations by the Gwalior State Cyber Cell reveal that the funds were routed through a complex, four-layer banking network. This network involved over 20,000 digital transactions and accounts spanning regions from South India to the northern states.
According to the police, the alleged fraud occurred between December 2025 and July 2026. Initially, Vijayvargiya perceived this as a lucrative USDT trading deal; consequently, he lost Rs 21 crore 05 lakh 92,000, while a fictitious profit exceeding Rs 33 crore was displayed to him on a dubious, fake trading portal.
Cyber Team Freezes ₹2 Crore
The police have managed to freeze approximately Rs 2 crore so far; however, the remaining funds were allegedly transferred elsewhere or withdrawn before investigators could intervene.
Preliminary findings indicate that the fraudsters employed a multi-layered transfer system to ensure the funds could not be easily traced or frozen.
Cyber Team Maps Out Four-Layer Account System
The cyber team has reportedly compiled a detailed list of 77 accounts and initiated measures to block or investigate them.
From these "first-layer" accounts, funds moved into 493 "second-layer" accounts. Subsequently, the money dispersed into approximately 12,700 accounts at the third layer.
At the fourth layer, investigators identified around 7,500 additional transactions through which funds were allegedly withdrawn or converted using methods such as ATMs, shopping vouchers, cash vouchers, online payments, and cryptocurrencies like USDT. In total, this trail currently encompasses approximately 20,049 transactions.
The movement of funds indicates that the money was deliberately split into smaller and larger amounts and circulated rapidly to ensure it did not remain in any single account long enough for the police or banks to freeze it.
A Network Spanning the Entire Country
According to reports, the cybercrime network is linked to bank accounts across Karnataka, Tamil Nadu, Andhra Pradesh, Kerala, Haryana, Uttar Pradesh, Gujarat, Rajasthan, Madhya Pradesh, Jharkhand, West Bengal, and Chhattisgarh.
Investigators believe the network is nationwide, involving suspicious "mule accounts" (accounts used for fraud) that are operated or controlled across multiple levels.
Given the sheer volume of transactions, it is unlikely that all account holders are masterminds behind the scheme. Some accounts may belong to "money mules"—individuals who allow their bank accounts to be used for receiving and transferring illicit funds in exchange for a commission. Other accounts could be linked to shell companies, intermediaries, digital wallet operators, or organized cybercrime syndicates.
The cyber team is now attempting to trace the final destination of the funds after they passed through the fourth level of the chain.
Cyber Team Tracking IP Addresses Linked to URLs and WhatsApp Numbers
Officials stated that the cyber team is prioritizing the accounts where the victims' money was initially deposited. "Our technical team is investigating 77 'first-layer' bank accounts, and we have frozen approximately Rs 2 crore across various accounts. We are also tracking IP addresses associated with the fraudulent URLs and WhatsApp numbers."
