Delhi-Based Sneaker Brand Gully Labs Flags Internal Fraud, Tightens Controls After Employee Misuse Incident

A Delhi-based sneaker brand has highlighted a serious lapse in internal controls after alleging that a recently hired customer support (CS) employee misused backend access to generate 100% discount codes and place fraudulent orders worth nearly ₹2 lakh before exiting the company within a week.

In a post shared on X, Gully Labs founder Arjun revealed that the employee had joined the company only a couple of months ago and exploited internal systems during his first week on the job. According to the brand, the employee allegedly created full-discount coupons and used them to place multiple orders, which were shipped to the employee’s friends and associates.

The issue came to light during routine internal checks, after which the company confronted the employee. As per the founder’s statement, the employee initially agreed to cooperate and returned approximately 50% of the products. However, the remaining items had already been used, making recovery impossible.

The situation escalated further when the former employee allegedly sent legal notices accusing the company of harassment, after Gully Labs sought either the return of the remaining products or reimbursement for the losses incurred. The brand has denied the allegations and maintains that its actions were limited to recovering company losses arising from misuse of internal access.

While Gully Labs has not disclosed whether it plans to pursue legal action, the incident has prompted the brand to reassess its internal processes. The company stated that it is strengthening backend controls, including implementing tighter permission settings, access restrictions, and additional monitoring mechanisms to prevent similar misuse in the future.

The episode has sparked wider conversations within India’s D2C and startup ecosystem around internal security, trust-based access, and operational risk, especially in early-stage and fast-growing brands where speed often takes precedence over process. As many startups empower employees with broad system access to move quickly, incidents like this underline the importance of balancing agility with governance.

Industry experts note that such cases serve as a reminder for startups to adopt role-based access controls, audit logs, and approval workflows, even in smaller teams. While internal fraud remains relatively rare, its impact can be disproportionately high for young brands operating on tight margins.

Gully Labs’ swift response and transparency around the incident reflect a growing maturity among D2C founders, who are increasingly willing to acknowledge operational gaps and fix them proactively. As the brand tightens its systems, the incident stands as a cautionary tale for startups across sectors: trust is essential, but controls are non-negotiable when building scalable businesses.