The Karnataka bitcoin scam where politicians and police officials allegedly received kickbacks in the form of bitcoins from an international hacker, arrested by the Bengaluru police in November 2020, has resurfaced again with the Opposition Congress claiming that FBI officials were in India to investigate claims that the hacker had stolen from a foreign bitcoin exchange in 2016.
Srikrishna Ramesh alias Sriki, 26, has claimed in statements given to the Bengaluru police that he had hacked into the British Virgin Islands-based Bitfinex cryptocurrency exchange in 2015-16. The FBI and other US agencies are investigating the theft of 1,19,754 bitcoins (valued at $4.5 billion at present) from the exchange.
Congress leaders unleashed a series of social media posts on Friday and Saturday renewing allegations of corruption in the way the BJP government has handled cybercrime cases involving the hacker.
“Is the FBI in India to investigate India’s biggest bitcoin scam cover-up under the Karnataka BJP government? If so, release details of the investigation and suspects, including political people” Randeep Surjewala, Congress in-charge for the state, said on social media in questions directed at Union Home Minister Amit Shah and Chief Minister Basavaraj Bommai.
“Whether the ‘Whale Alerts,’ reflecting the transfer of 14,682 stolen Bitfinex bitcoins valued at Rs 5,240 crore on the two dates—1 December 2020 and 14 April 2021—when Srikrishna was in custody—has any correlation?” Surjewala said on Friday.
The layers of #BitcoinScam are finally being unearthed!
Let India’s HM & CM Bommai answer-
1. Is FBI in India to investigate India’s biggest #Bitcoin Scam Coverup under Karnataka BJP Govt?
If so, release details of the investigation & suspects, including political people?
— Randeep Singh Surjewala (@rssurjewala) April 8, 2022
Former chief minister Siddaramaiah raised similar questions on social media. “Is FBI’s intervention a result of ED and CBI’s failure? Or an outcome of a failed attempt by BJP leaders to cover up,” Siddaramaiah said. “The chronology of the alleged Bitcoin scam raises a lot of suspicion about the involvement of @BJP4Karnataka leaders. Why was the ED, CBI, or Interpol not informed till it was reported by the media? Was it bcoz the then @HMOKarnataka @BSBommai was scared of being exposed?” he added.
The news of investigation by FBI on Indian soil is very concerning & it raises questions on the efficiency of Indian intelligence agencies.
— Siddaramaiah (@siddaramaiah) April 9, 2022
Bommai has brushed aside the claims. “There is no value to these tweets. If there is anything concrete let them provide it. There is no point in putting these messages on social media,” he said.
Police sources said there had been no communication between US agencies and the state police with regard to the hacker or the Bitfinex hack.
Last year, the Bengaluru police said in an official statement that Srikrishna’s claims of breaking into international cryptocurrency exchanges were flagged to the CBI’s Interpol units on April 28, 2021.
The FBI is investigating the August 2016 Bitfinex hack in which Srikrishna claimed to have been involved. He claimed to have been part of a hacking group in the Netherlands when he was a computer science student.
Soon after the hack, an unidentified complainant petitioned police in Cambridge in the US state of Massachusetts that “his bitcoin account was hacked and $1,300,000 was stolen”.
In response to a query, Jeremy Warnick, director of communications at the Cambridge police department, told The Indian Express in an email in December 2021, “The Cambridge resident had an account with a digital asset trading company that was hacked and resulted in the theft of bitcoins from an unknown amount of their account holders. The company notified the FBI and they were leading the investigation of the hack.”
Based on a request for information made under Freedom of Information/Privacy Acts by The Indian Express, the FBI stated in December 2021 that it had been “unable to identify records” with respect to the Bitfinex hack. An official in the information and records dissemination section at the FBI, Michael Seidel, said in an email response that “a search of the places reasonably expected to have records” was carried out and that “we were unable to identify records” on the hack.
However, in February this year, US agencies—a criminal investigation unit of the Internal Revenue Service, the FBI, and a Homeland Security investigation unit—reported the detection of nearly $3.6 billion’s worth of the bitcoins from the 2016 hack, following the arrests of Ilya Lichtenstein and his wife, Heather Morgan, in New York. The US agencies have reported the recovery of 94,636 of the stolen bitcoins from the 2016 hack.
The New York couple allegedly held and laundered the cryptocurrency stolen by the hackers in 2016. The US investigations have found that a set of email IDs used to create accounts at a virtual cryptocurrency exchange where a portion of the stolen bitcoins was parked in 2017 were generated using India-based email service providers. They have not referred to the people involved in the 2016 hack.
Srikrishna, in a voluntary statement to the Bengaluru police after his arrest, alluded to hacking the Bitfinex exchange and illegally accessing bitcoins. “Bitfinex was my first big bitcoin exchange hack. The exchange was hacked twice and I was the first person to do so. The second instance was a simple spear-phishing attack which led to two Israeli hackers working for the army getting access to the computers of one of the employees which gave them access to the AWS cloud account,” Srikrishna told the police. The Israeli hackers—two brothers—were incidentally arrested in their country in 2019.
According to his statement, Srikrishna made an “approx profit: 2000 BTC” (bitcoins) from the Bitfinex hack and blew the entire amount on a “luxurious lifestyle”. “The price of bitcoin was around $100-$200 which was split with my friend Andy from the UK,” the hacker stated, as per the recordings made by the police.
The hacker also said he had managed to sell the stolen Bitfinex bitcoins by using concealment techniques. “In 2018 November I have [sic] downloaded the acknowledgment for the BTC transaction which came in from Helix mixer amounting to around 510 BTC which basically was from a hack of a Bitfinex exchange from the hacking group I was a part of and later those funds were transferred to the Netherlands to my friend’s account,” reads Srikrishna’s statement.
In another case, where he is accused of hacking a poker-gaming site, Srikrishna claimed that he voluntarily agreed to give away the bitcoins in his possession to police after his arrest.
“I understood the case scenario that even if I do not give them the Bitcoins they can use forensic methods to find the Bitcoins, after a talk with the investigating officer. So post consultations, I voluntarily accepted [sic] to give away the bitcoins which I had kept in various wallets in different cryptocurrencies,” reads the statement.
Blockchain analysts reported on social media on April 14, 2021, that nearly 12,000 out of the nearly 1,20,000 stolen Bitfinex bitcoins had moved for the first time in over four years. Analysts reported it as the biggest movement of the stolen bitcoins. Srikrishna was in judicial custody at the time and was released on bail around April 21, 2021.
The Bengaluru police, the state crime investigation department, and the Enforcement Directorate have been investigating various crimes allegedly committed by Srikrishna and his associates in India—including the theft of Rs 11.5 crore from the state government’s e-procurement portal in 2019.
In January this year, an older brother of the hacker was stopped at Bengaluru airport from leaving for the Netherlands, based on a lookout circular issued by the ED, which has been investigating the money-laundering aspects. The hacker’s brother has not been named in any of the crimes linked to Srikrishna but has been questioned by the ED on a few occasions.