From A "Hello... This is Divya" WhatsApp Text To A Rs 21-Crore Crypto Fraud

The police have so far managed to freeze approximately Rs 2 crore, but the remaining money was allegedly moved, withdrawn, converted or used for other payments before investigators could stop it.

Advertisement
Read Time: 7 mins
Ashok Vijayvargiya, a senior Chartered Accountant, who lost Rs 21.06 crore in WhatsApp trading fraud
Quick Read
Summary is AI-generated, newsroom-reviewed
  • A 70-year-old senior Chartered Accountant lost Rs 21.06 crore in a nationwide crypto fraud case
  • Funds moved through 20,000 plus transactions across 77 first-layer and 7,500 fourth-layer accounts
  • Fraud involved a fake USDT trading portal and multi-layered money transfers to avoid detection
Did our AI summary help?
Let us know.
Bhopal:

A WhatsApp message that said "Hello... this is Divya speaking," allegedly set in motion one of the country's biggest cryptocurrency-investment frauds draining Rs 21.06 crore from a 70-year-old senior chartered accountant in Gwalior and scattering the money through a nationwide maze of thousands of bank accounts.

The money allegedly stolen from Ashok Vijayvargiya, a senior CA and Chief Returning Officer of the Madhya Pradesh Chamber of Commerce and Industries, did not remain in a handful of fraudulent accounts. Preliminary investigation by the Gwalior State Cyber Cell indicates that the funds were pushed through a complex four-layer banking network, involving more than 20,000 digital transactions and accounts spread from southern India to the northern states.

The alleged fraud took place between December 2025 and July 2026. What initially appeared to be a profitable USDT trading opportunity ended with Vijayvargiya losing Rs 21,05,92,000 and being shown a fictitious profit of more than Rs 33 crore on a suspected fake trading portal.

The police have so far managed to freeze approximately Rs 2 crore, but the remaining money was allegedly moved, withdrawn, converted or used for other payments before investigators could stop it.

Advertisement

According to preliminary findings, the fraudsters used a multi-layered transfer system designed to ensure that the money could not be easily traced or frozen.

Cyber team has reportedly prepared a detailed list of 77 accounts and initiated steps to block or scrutinise them.

From these first-layer accounts, the money moved into 493 second-layer accounts. It then spread further into approximately 12,700 accounts in the third layer.

Advertisement

In the fourth layer, investigators have detected around 7,500 further transactions, through which the money was allegedly withdrawn or converted using ATMs, shopping vouchers, cash vouchers, online payments and cryptocurrency, including USDT.

In all, the trail presently covers approximately 20,049 transactions.

The movement of funds indicates that the money was deliberately fragmented into small and large amounts and rapidly circulated so that it would not remain parked in any account long enough for the police or banks to freeze it.

The cybercrime trail has reportedly reached bank accounts in Karnataka, Tamil Nadu, Andhra Pradesh, Kerala, Haryana, Uttar Pradesh, Gujarat, Rajasthan, Madhya Pradesh, Jharkhand, West Bengal and Chhattisgarh.

Investigators believe the network extends across the country, with suspected mule accounts being operated or controlled at several levels.

The scale of the transactions suggests that the account holders may not all be the masterminds. Some accounts could belong to money mules, people who allow their bank accounts to be used for receiving and transferring illegal funds in return for a commission. Others could be linked to fake firms, intermediaries, digital-wallet operators or organised cybercrime syndicates.

Advertisement

The cyber team is now trying to establish where the money ultimately went after passing through the fourth layer.

State Cyber Cell Deputy Superintendent of Police (DSP) Sanjeev Nayan Sharma confirmed that the case involved a nationwide network of accounts and transactions. "In one of the country's major fraud cases, senior Chartered Accountant Ashok Vijayvargiya was swindled out of Rs 21.06 crore under the guise of cryptocurrency, or USDT, trading. The funds were transferred through thousands of accounts across the country using a four-layer structure."

He said that the cyber team was concentrating first on the accounts that had directly received the victim's money. "Our technical team is scrutinising 77 first-layer bank accounts, and we have successfully frozen approximately Rs 2 crore across various accounts. We are also tracking the IP addresses associated with the fraudulent URLs and WhatsApp numbers."

Advertisement

The DSP said the technical investigation covers three WhatsApp numbers, several bank accounts and the URL of the suspected fake trading platform. "A case has been registered under the relevant legal provisions. The team is working to freeze the bank accounts, trace the IP addresses and identify and arrest the accused."

The FIR was registered against unidentified accused under Sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita and Section 66D of the Information Technology Act. The FIR records the alleged loss at Rs 21,05,92,000.

The case bears an unsettling resemblance to the famous "Pooja" dialogue from the Ayushmann Khurrana film Dream Girl. But in Gwalior, the conversation was not fictional entertainment.

According to the complaint, Vijayvargiya received a message in December 2025 from an Indian mobile number. The sender introduced herself as "Divya" and claimed to be an investment adviser.

She allegedly told him that investing in USDT Tether, a cryptocurrency designed to track the value of the US dollar, could generate unusually high returns within a short time.

The initial conversation took place through an Indian mobile number, but subsequent communication allegedly shifted to other numbers, including a number carrying the United States country code: +1 (516) 713-7291.

The police are verifying this number. Investigators suspect that it may be a virtual number, meaning the calls or messages may not necessarily have originated physically from the United States.

The alleged fraudsters sent Vijayvargiya a link to an online trading portal and helped him register an account. Once the account was activated, the portal began showing opportunities to invest in USDT, Bitcoin and other digital assets. The suspected fraudsters remained in regular contact through WhatsApp and guided him through the investment process.

The first investments were deliberately kept small. On December 25, 2025, Vijayvargiya allegedly transferred Rs 10,000 four times through UPI. A few days later, approximately Rs 1 lakh was transferred through a friend's UPI account. The portal showed that these investments were generating profits.

Then came the transaction that allegedly removed his final doubts. On January 7, the fraudsters allegedly transferred Rs 1.88 lakh into Vijayvargiya's HDFC Bank account as an initial return. This was not merely a profit displayed on the screen, the money was actually credited to his account. That payment convinced him that the trading platform was genuine and that the people advising him were trustworthy.

This is a familiar tactic in online investment frauds: a victim is first allowed to withdraw a small profit, creating confidence before being persuaded to invest substantially larger amounts. Once his trust had been secured, the investment demands increased rapidly.

On December 31, Vijayvargiya had already transferred Rs 15 lakh through RTGS from his Union Bank account to an account supplied by the alleged fraudsters. Over the following months, crores of rupees were transferred into numerous bank accounts.

Business associates linked to Vijayvargiya have reportedly claimed that he may not have been the only person whose money was invested through the platform. According to them, more than 35 acquaintances and business associates, who trusted his financial judgment and were prepared to invest on his advice, may also have become linked to the investment operation.

As the deposits increased, the suspected trading portal continued displaying rising returns. Eventually, Vijayvargiya's account allegedly showed a profit or withdrawal value of approximately Rs 33.25 crore.

But when he tried to withdraw the money, the transaction was blocked. The fraudsters then allegedly told him that the money could not be released unless he first deposited Rs 10.84 crore as income tax.

This demand marked the beginning of the final stage of the fraud. Every attempt to withdraw the supposed profit triggered a fresh demand for money. To make the arrangement appear credible, the alleged handlers reportedly offered to contribute Rs 5.34 crore from their side and asked Vijayvargiya to arrange the remaining amount.

Even after further payments and assurances, the money was not released. The fraudsters then demanded another Rs 1 crore as a "risk margin", allegedly claiming it was necessary because the withdrawal amount exceeded the permitted limit.

It was only then that Vijayvargiya realised that the profits shown on the portal might never have existed. Vijayvargiya has reportedly handed over WhatsApp chats, screenshots of transactions, account statements and details of multiple beneficiary accounts to the Cyber Cell.

Police said the complaint was also registered through the National Cyber Crime Reporting Portal and the 1930 cybercrime helpline. The prompt reporting enabled banks and the cyber team to place approximately Rs 2 crore on hold in different accounts.

One of the key leads is the number carrying the US country code. The police are examining whether it was genuinely operated from abroad or was merely a virtual number generated through an internet-based service. Investigators are also tracing the IP addresses connected with the WhatsApp communications and the alleged trading-portal URL.

////////////////////////

Featured Video Of The Day
Video: US Strikes Iranian Submarine Centre Using Sea Drones For First Time

Topics mentioned in this article