Sriki allegedly hacked Unocoin Technologies Private Ltd of Tumakuru and fraudulently transferred 60.6 bitcoins worth ₹1.14 crore in 2017
Srikrishna Ramesh alias Sriki
A Special Investigation Team (SIT) probing the infamous multi-crore Bitcoin scam in Karnataka on Tuesday, 7 May, arrested the alleged mastermind Srikrishna Ramesh alias Sriki in a related 2017 case.
Sriki allegedly hacked Unocoin Technologies Private Ltd of Tumakuru and fraudulently transferred 60.6 bitcoins worth ₹1.14 crore in 2017.
The case was probed and charge-sheeted by the Central Crime Branch (CCB) of the Karnataka police in 2020. However, the Crime Investigation Department (CID) in Karnataka, in a separate charge sheet in another case against the same accused, pointed to gaps in the CCB’s investigation process.
In July 2023, after the Congress assumed power in Karnataka, an SIT was constituted to probe the case.
Unocoin director Harish BV had registered a complaint before Hosabadavane Police Station in Tumakuru on 26 March, 2017, alleging that unknown miscreants had hacked into their server database.
According to the SIT: “Unocoin Technologies Pvt Ltd director Harish BV registered a complaint against an unknown person alleging that the server database was hacked by a Bitcoin Exchange Company. Then illegally and fraudulently transferred 60.6 BitCoins worth about ₹1.14 crore to their wallets belonging to various customers and stole customer data of the fiduciary company.”
“Based on the complaint, the investigation was launched. Later, the state government constituted a special investigation team for a comprehensive investigation of Bitcoin hacking cases. Therefore, the case was transferred to the SIT on 18 July, 2023,” claimed the SIT.
It further said: “The investigating officials recovered the laptop from the accused Srikrishna and was subjected to scientific analysis. The SIT team was successful in cracking the case by finding the addresses of Christo, which the accused had concealed and hidden.”
“As per the prima facie and from the digital evidence collected, the accused hacked Unocoin Technologies Private Ltd’s Bitcoin Exchange Limited database and stole 60.6 bitcoins. Sirki was arrested from a private hotel in the wee hours in Bengaluru,” detailed the SIT.
Recently, the Karnataka High Court refused to grant anticipatory bail to a police inspector and Deputy Superintendent of Police, who are among the accused in the case.
#Karnataka: The SIT probing the infamous bitcoin case has arrested hacker Srikrishna Ramesh alias Sriki in connection with a 2017 case where Rs 1.14 crore worth 60.6 bitcoins were allegedly stolen from Unocoin Technologies platform.@DrGParameshwara @DgpKarnataka #Bitcoin pic.twitter.com/9We1gXXhz2
— South First (@TheSouthfirst) May 7, 2024
Srikrishna Ramesh alias Sriki, a hacker was aged a mere 25 when Bengaluru’s CCB police arrested him and his associates in a narcotics case in November 2020.
Sriki was accused of procuring drugs using Bitcoin — the world’s best-known cryptocurrency — via the dark web, which noted cybersecurity firm Kaspersky describes as “sites that are not indexed [by search engines] and only accessible via specialised web browsers”.
When Sriki was caught in end-2020 for peddling these narcotics to high-profile clients, it was not his first run-in with the police.
Srikrishna first appeared on the police radar in 2015, when he was arrested in connection with a bank account hacking case. However, he was granted bail quickly.
The police said the fact that he was not monitored after this case emboldened him, and he ended up racking up multiple cybercrimes and drug peddling charges over the years.
In February 2018, he was named as one of the accused in a pub brawl case involving Congress leader NA Haris’ son Mohammed Nalapad Haris.
Srikrishna was charged with attempted murder as one of the aides of Nalapad but went absconding.
While the rest of the accused went to jail, Srikrishna was at large till the time he got anticipatory bail. The police could not trace him since he didn’t use a mobile phone.
When Srikrishna was arrested again in November 2020 in the narcotics case, it opened up a Pandora’s box of murky cybercrimes.
Police sources said he remained distant from his family. He did not have any intimate relationships. His focus was on making money and consuming drugs.
He used to be hired by influential people for his expertise in cybercrime. Unfortunately for them, he created a detailed digital track of every exchange and interaction with them.
If he went down, he would take everyone down with him, recalled a senior police officer who interrogated Srikrishna in a cybercrime case.
On 17 December, 2019, a financial consultant of the e-Procurement Cell, Shylaja SK, lodged a complaint with the CID’s cybercrime police station in Bengaluru.
According to her complaint, she came across unauthorised fund transfers to the tune of ₹7.37 crore while verifying Earnest Money Deposit (EMD) refunds.
Investigations revealed that ₹1.05 crore was illegally transferred to bank accounts in Uttar Pradesh and Maharashtra. In all, a total of ₹11.55 crore had been siphoned off from the online portal of the Centre for e-Governance under the Karnataka government.
Based on her complaint, an FIR was registered and the CID sleuths initiated an investigation.
However, it was only in November 2020, when Srikrishna was arrested in the aforementioned narcotics case, that the police learnt that he was the mastermind behind the alleged hack.
Interrogating him in the narcotics case, the CCB claimed to have recovered 31 Bitcoin — valued at ₹9 crore back then — from Srikrishna. This claim was later retracted.
It may be noted that each Bitcoin was trading at around ₹13-14 lakh towards the end of November in 2020. It reached its peak — around ₹47.88 lakh apiece — in November of the next year, before crashing. On 7 May, 2024, its value is over 53 lakh.
It may also be noted that Bitcoin has for quite some time been the favoured mode of payment for hackers and scammers because of its decentralised and anonymous nature, which makes it hard to track.
It is also the preferred currency for dealers of contraband in the aforementioned dark web.
Sriki’s legal counsel, senior advocate Dayanand Hiremath, had told South First that there are at least nine cases registered against him, and it is less likely that a new FIR would be registered as most of these cases have been investigated and even charge sheets have been filed. They are in various stages of progress.
“One case for a vandalising and assault at a star hotel, two other cases including the narcotics case registered by the Central Crime Branch police, and six other FIRs — including the ones at the Kempegowda Nagar and Cottonpet Police Stations — were registered against him and investigated,” he noted.
“He is very smart. He looks up his court dates and appears before the judge without advocates. According to me, he thinks 10 times faster and is ahead of a normal person,” Hiremath told South First.
The case that brought Sriki to the spotlight was the FIR registered against him based on the complaint of the financial consultant of the e-Governance portal. The case was probed in detail, and the preliminary charge sheet was filed on 9 December, 2021.
According to the facts of the case, Sriki and his associates Suneesh Hegde and Prasidh Shetty conspired to hack the portal belonging to the e-procurement cell to alter bids posted by vendors and siphon off money.
Sriki successfully hacked the portal belonging to the Karnataka government using the jsp.spy hacking tool — a trojan, which is a virus that is downloaded as a legitimate program before beginning its illegal activities.
This specific tool can be used to spy or record Java Server Pages (JSPs), which themselves are used to create responsive websites.
Sriki allegedly used this tool to modify the database of the portal by altering the EMD refund instructions and — in the first incident — siphoned off ₹1.05 crore on 1 July, 2019, to the bank account of Nimmi Enterprises, owned by one Vinit Kumar, who is also an accused in the case.
The charge sheet stated Srikrishna created an online account on a messaging portal called Wickr with the username “dicerhash2”.
He then contacted another associate, Sushil Chandra, through messaging groups. Based on the instructions of Sriki, Sushil Chandra opened a user account on Wickr with his email address letsbizgain@gmail.com and started privately chatting with “dicerhash2” about arranging for bank accounts to transfer the funds on a 50-percent-commission basis.
Sushil Chandra later approached Harwinder Singh to arrange for other bank accounts.
On 9 July, 2019, a bank account belonging to the Uday Gram Vikas Sanstha witnessed a deposit of ₹10.5 crore. The proceeds were then passed on to different bank accounts belonging to the accused, the charge sheet stated.
The money eventually ended up with the prime accused duo — Suneesh Hegde and Srikrishna.
Soon after getting the money, Sriki, Suneesh Hegde, and their friends toured several parts of India, including Uttarakhand and Delhi, staying at luxurious hotels, and using other means to blow the proceeds of the crime, the charge sheet stated.
According to it, in a case registered at the Cybercrime Police Station in Bengaluru on a request from the case’s investigating officer (IO) Inspector Nayaz Ahmed, the court ordered searches at 10 addresses in Nagpur in Maharashtra to recover the proceeds of the crime that were parked in several bank accounts.
The charge sheet also mentioned that the petitioner from the government portal filed an application seeking interim custody of the funds frozen by the IO in the case by effecting their reversal from the account of beneficiaries to its account.
Several beneficiaries were named in the charge sheet in both cases.
Beneficiaries named in the charge sheet were Nimmi Enterprises, Harwinder Singh, Amar Narwal, Elegant Enterprises proprietor Vinay Malik, AV Infratech proprietor Amar Narval, KP Atri and Associates proprietor Krishan Pal Yadav, and Gurpreeth Kaur (the first instance).
Beneficiaries named in the second instance were four different bank accounts of Uday Gram Vikas Sanstha, Somanath Sales, JAI Trading Company, Agarwal Enterprises, Prakash Enterprises, Vardhaman Wires and Cables, Global Resourcing, and Abeer Steel.
The IO testified in the court that the fraudulent transactions worth ₹1.05 crore and ₹10.50 crore occurred on 1 July 2019, and 10 July, 2019, respectively.
It was a little before this time — March 2021 — that the Enforcement Directorate (ED) was approached to probe money-laundering charges.
In August of that year, the ED said in a statement that ₹1.44 crore lying in 14 bank accounts had been provisionally attached as part of its investigation in the case.
During the course of the ED investigation, it came to light that someone — Sriki, as it turned out — had hacked the Karnataka government’s e-governance portal.
Funds to the tune of ₹10.5 crore and ₹1.05 crore were diverted to bank accounts of the Nagpur-based NGO Uday Grama Vikash Sanstha and Uttar Pradesh-based proprietorship Nimmi Enterprises, respectively, the ED said in its statement.
Srikrishna was subsequently found to be involved in cybercrimes like ransomware attacks, hacking into Bitcoin exchanges, looting cryptocurrency, money laundering, and cyber fraud.
May 19, 2024
May 19, 2024
May 19, 2024
May 18, 2024
May 18, 2024
May 18, 2024
