DoorDash Driver Scams Company Out of 2.5 Million Using Fake Deliveries

A former DoorDash delivery driver, Sayee Chaitainya Reddy Devagiri, recently pleaded guilty to conspiracy to commit wire fraud after orchestrating a scheme that defrauded DoorDash of over $2.5 million. The case, announced by the U.S. Attorney’s Office for California’s Northern District, reveals a sophisticated fraud involving fake customer accounts, fraudulent deliveries, and misuse of employee credentials.

The scheme operated between November 2020 and February 2021 and involved multiple accomplices. Devagiri created fraudulent customer accounts to place expensive orders through the DoorDash app. Using stolen credentials from a DoorDash employee, he manually assigned these orders to fake driver accounts controlled by the conspirators. The orders were then falsely marked as completed, prompting the system to issue payments for deliveries that never occurred.

Remarkably, Devagiri would then revert the order status back to “in process” and repeat the process multiple times, completing hundreds of fraudulent transactions in under five minutes each. This rapid, cyclical manipulation exploited DoorDash’s payment system vulnerabilities and insider access controls.

The insider whose credentials were used, Tyler Thomas Bottenhorn, was charged separately in 2022 and pleaded guilty in 2023. Devagiri and four others were charged in August 2024 for their roles in the conspiracy. Devagiri faces up to 20 years in prison and a $250,000 fine, with a status hearing scheduled for September 2025.

Broader Implications for Cybersecurity in Delivery Platforms

This case highlights the critical importance of robust cybersecurity measures and insider threat management within digital delivery platforms. The exploitation of employee credentials and system vulnerabilities allowed fraudsters to bypass standard controls, resulting in significant financial damage. Companies operating in the gig economy must implement stringent access controls, continuous monitoring, and anomaly detection to prevent similar fraudulent schemes.

Furthermore, this incident underscores the need for comprehensive fraud detection systems that can identify unusual patterns such as rapid order status changes and repeated transactions from the same accounts. Integrating AI-driven analytics and real-time alerts can empower companies to respond swiftly to suspicious activities, safeguarding their operations and customer trust.

As delivery services continue to grow, the intersection of cybersecurity and operational integrity becomes increasingly vital. Lessons from this case can guide businesses in fortifying their platforms against insider threats and sophisticated fraud attempts, ensuring sustainable growth and resilience in a competitive market.