A post by Prem Soni on X has been making rounds on social media, describing what appears to be a loophole in food delivery platforms like Zomato that, if real and widespread, could quietly erode the economics of the entire food delivery model in India. Soni says he has heard of this happening, though whether it is isolated behaviour or a more organised practice remains unclear.
The core of what he describes is simple enough to make anyone in the food delivery business uncomfortable.
What Soni says he has heard
According to the post, some customers are reportedly placing a minimal order on Zomato, something as small as a single roti for ₹40, purely to activate a legitimate delivery slot and rider. They then call the restaurant directly, order a full meal worth ₹1,200 or more, and pay the restaurant via UPI. The restaurant packs everything together. The Zomato rider, with no visibility into the bag’s contents, delivers the entire order.
If this is happening, the customer is using the platform’s logistics infrastructure while paying commission only on ₹40. The restaurant collects full margin on the remaining ₹1,200 without the 25 to 30% commission it would normally owe the platform. Zomato, in this scenario, is effectively subsidising a delivery it has not been paid for.
Soni is clear that he has heard of this rather than witnessed it directly, and it is worth treating the description as an alert worth examining rather than a confirmed, widespread practice.
I have heard of a Zomato loophole which is so simple, terrifying and Zomato should be losing sleep over it
A person orders 1 roti on Zomato. ₹40.
Then he calls the restaurant directly 6 rotis, paneer butter masala, malai chaap, dal makhani, gulab jamun and pays them on UPI.…
— Prem Soni (@ValueWithPrem) May 25, 2026
Why it is worth taking seriously
Even as a possibility rather than a certainty, the structural logic of the loophole is sound. The incentives for both the customer and the restaurant to participate are real. The customer avoids platform fees, surge pricing, and GST on the off-platform portion. The restaurant retains margin it would otherwise surrender. Neither party faces obvious enforcement risk because the rider has no reason to inspect or question the package.
If even a small number of restaurants are quietly encouraging loyal customers to use this method, the commission leakage would be systematic rather than random. Food delivery platforms operate on thin margins at the best of times, and the business model depends entirely on commission scaling with the actual value of food being sold.
The broader point about platform trust
What Soni’s observation really highlights is a structural vulnerability that exists wherever a logistics network is triggered by a platform transaction but the contents of the transaction are not verified end-to-end. Food delivery platforms rely heavily on trust between all three parties: the customer, the restaurant, and the rider. A loophole that exploits that trust does not just affect revenue. It changes the nature of the relationship between platforms and restaurant partners.
Platforms like Zomato invest significantly in building restaurant partnerships, and any dynamic where restaurants have financial incentive to route customers off-platform erodes the foundation of that relationship over time.
What could be done
There are no easy answers here. Requiring package weight verification at pickup would slow operations considerably. Order value anomaly detection comparing restaurant menu pricing against actual order values could surface suspicious patterns. But closing this kind of behavioural loophole is fundamentally harder than closing a technical one, because the mechanism relies on coordination between humans rather than a software vulnerability.
The more immediate value of Soni’s post may simply be awareness. If platforms, restaurant partners, and customers are more conscious of this dynamic, the social and commercial disincentives to participate increase. Restaurants that encourage off-platform routing risk their relationship with the platform entirely if the behaviour is identified. That risk calculus may be sufficient to limit the practice even without a technical fix.
Whether this is a genuine widespread practice or an emerging one still limited to a small number of users, it is the kind of structural vulnerability that businesses in this space are right to think about carefully.
Credit: Prem Soni on X, who first described this scenario publicly. This article is for awareness purposes and does not endorse any action that exploits platform systems or violates terms of service.