A security researcher, operating under the pseudonym "Srikanth L" and affiliated with CashlessConsumer, has alleged that the IDRBT's Domain Registration Portal, the exclusive registrar for India's .bank.in namespace, exposed over 33 unauthenticated API endpoints.