A drug bust opens a can of bitcoins
Ramesh alias SriKi, a 26-year-old hacker from Bengaluru, is at the centre of a bitcoin corruption storm in Karnataka that has emerged as a serious headache for the Basavaraj Bommai government. K.V. Aditya Bharadwaj profiles the young man’s unquenchable thirst for chasing bitcoins, drugs and trouble
Self-proclaimed hacker Sri Krishna’s capacity to churn political waters belies his youth. At the age of 26, the computer science graduate from Bengaluru — who was caught in a drug bust last year where transactions were made in cryptocurrency — has become the centre of an alleged bitcoin scam. It has shaken the Basavaraj Bommai-led Bharatiya Janata Party (BJP) government after he took charge as Chief Minister in July.
Questions have been raised after the Leader of Opposition and former Chief Minister Siddaramaiah claimed that “influential Karnataka politicians” are involved in the drug and cryptocurrency scam. Political circles were abuzz with rumours of bitcoins belonging to Sri Krishna, or SriKi as he is called, disappearing while he was in custody. But the answers are proving to be elusive, the trail as shadowy as the world of cryptocurrency.
As he walked out of prison on November 10 on bail, the media asked a visibly fidgety SriKi about the allegations and counter-allegations that have allegedly even reached the Prime Minister’s Office. He dismissed the claims as “bogus, a nuisance”. “Big people take big names,” he said with a smile.
Bommai, fresh from a setback with a defeat in the bypolls in his home district, has had to battle allegations of a “coverup of a bitcoin scam” by the State police when he was Home Minister under then Chief Minister B.S. Yediyurappa. He reportedly complained to the party high command against two of his cabinet colleagues, both aspirants for the Chief Minister’s chair that he eventually won, for “spreading canards about him in the bitcoin scam.”
SriKi’s voluntary statement written while in police custody has further muddied the waters even though it has no evidentiary value and his lawyer says he will deny it in court. In his statement he claimed he was part of several bitcoin exchange hacks including the infamous 2016 Bitfinex hack, one of the largest cryptocurrency heists in the world. He claimed to have stolen over 5,000 bitcoins. However, the police have not charged him for these specific claims on the grounds of lack of evidence.
Is it self-aggrandisement on the part of a young hacker, or is there a kernel of truth to this? The ‘scam’ has since taken a life of its own. It is now alluded that “two top BJP functionaries in the State” and several senior police officials have been the beneficiaries of “thousands of bitcoins” that were diverted to their accounts for a cover-up. Not even the Opposition Congress explicitly made this allegation on record for want of documents to back the claim.
Political circles in Karnataka are abuzz that Prime Minister Narendra Modi’s office sought details of the case after it was tipped off by U.S. investigating agencies. However, there is no independent confirmation of the same. An RTI activist, A.R. Ashok Kumar Adiga, claimed he lodged a complaint with the PMO in May 2021.
It began with a cannabis case last November. Suspecting the contents of a parcel of organic coffee to contain narcotics, a customs inspector at the Foreign Post Office, Chamarajpet, laid a trap. The parcel was addressed to one Arnav Gowda. On November 4, 2020, officials caught the person who arrived to collect it, Sujay Raj.
Among the contents was 500 grams of hydro cannabis ordered on the darknet. The Kempegowda Nagar police who took up the probe uncovered a larger network of people who regularly partied together. Cops said they procured narcotics from dealers on the darknet using bitcoins as a mode of payment. A police head constable was involved in ensuring that their parcels evaded the authorities here.
The case was transferred to the Central Crime Branch (CCB), a specialised investigation wing of Bengaluru City Police. Their probe into the bitcoin angle took them to Sri Krishna Ramesh, then 25, son of a chartered accountant from Jayanagar, an upper middle-class locality. He was arrested on November 18. “As soon as we brought him in, he started singing. The claims he made shocked us. He said he hacked several poker websites and bitcoin exchanges. He also confessed to have hacked into the State government’s e-procurement site and stolen ₹11.5 crore. There was a case pending with the CID. We realised we had arrested a high profile hacker,” said a senior CCB official.
In his voluntary statement, SriKi claims to be a child prodigy who “learnt basics of web exploitation, java, reverse engineering and wrote my first bot for a game called RuneScape” when he was in Class IV. Between Classes IV and X, he claimed to have joined an Internet Relay Chat (IRC) channel ‘h4cky0u’, a community of over 50,000 black hat hackers and was promoted to be a moderator when he was Class IX. “While running the IRC network, I made several internet friends who changed my life by mentoring me in various aspects of crime, specifically financial, yet not unethical,” the statement said.
“He was a nerd in school and was called ‘freaky SriKi’ by other kids who harassed him. This left a lasting impression and shaped his personality in many ways,” a senior police official who interrogated him multiple times told The Hindu. SriKi claimed to have been habituated to drugs while in pre-university. He started ordering narcotics from the darknet, and ran away to the Himalayas when he was 17 years old, but was brought back home by the police.
Though he joined an engineering course, he dropped out as the “syllabus was too elementary”, he told the police. He later went to Eindhoven University of Technology, Netherlands where he completed his BSc. in Computer Science.
SriKi claimed that while in the Netherlands, his driver, who would chauffeur him “around the country to deal in cash exchanges” stole bitcoins worth U.S. $3 million which he had accumulated through hacks. Starting from scratch, he described how he expanded his network of friends to Italy, Switzerland, Sweden, France and Germany. “This network of bitcoin traders quickly allowed me to recuperate my losses by marginalised trading after the hack of an exchange (Bitfinex),” his statement read.
A heady life
SriKi returned to Bengaluru in 2015 and befriended Omar Nalapad, son of Congress MLA N.A. Haris. He led a lavish lifestyle involving parties, substance abuse and prolonged stays at five-star hotels.
He was a co-accused in an assault case in February 2018 involving Omar’s brother Mohammed Nalapad at the city’s posh UB City. He fled the city and was on the run in north India for six months till he secured bail in the case.
The CCB has not questioned the Nalapad brothers in either the drug bust or the cyber crimes case against SriKi. The hacker claimed that he disassociated himself from the brothers after the assault. Police said their probe revealed the same.
On his return to Bengaluru, SriKi acquired a new set of friends and hung out with a contractor Suneesh Hegde, his cousin Prasidh Shetty and others, all co-accused in the case now.
Hegde told the police that they used to live at star-hotels, and while partying, Sri Krishna would hack poker websites, showing them the card of the opposite player helping them win big. “He claimed to have hacked and stolen several bitcoins and promised to give them to me. So I have till now spent over ₹2 crore on him,” Hegde claimed in his statement.
However, eventually the two reportedly fell out as SriKi did not deliver on the promises he made. The duo are accused of carrying out ransomware attacks on several websites and fleecing money.
A key witness in the case, Robin Khandelwal, 32, a bitcoin trader from West Bengal, told the police that SriKi befriended him online. The young hacker offered to sell 900 bitcoins he claimed to have stolen. He described how Sri Krishna convinced everyone to support his lifestyle by promising a huge windfall in bitcoins. But he did not part with any of it leading to bitter tiffs within the gang. Things came to a head when Hegde allegedly decided to ‘do something about this’.
Khandelwal claimed that when he was in Bengaluru for a visit, Hegde took him and SriKi to his flat and forced them to remain there in an attempt to wrest the bitcoins from them. “Sri Krishna told me, ‘Let us not give the bitcoins I have to Hegde and his friends’. He suggested we flee from the balcony and we did that,” he said in the statement.
In his statement, Sri Krishna said Hegde earned his loyalty and respect “since he seemed like a guy that could be trusted”, but added: “Little did I know that there lived a demon inside him waiting to extort the living hell out of me.”
Khandelwal has since emerged as a key witness in the case as the hacker traded most of his bitcoins at his firm Robin Online Services. He told the police he has done business worth over ₹8 crore with SriKi. The latter would send him bitcoins with instructions to credit money into his friend’s accounts as he held no bank account. Khandelwal claimed he even booked a chartered flight for SriKi when he was on the run in the 2018 UB City assault case.
In search of evidence
SriKi claimed he was part of the group that hacked the cryptocurrency exchange Bitfinex in 2016. A total of 1,19,756 bitcoins were stolen in this hack. He told the police the “exchange was hacked twice” and in fact he was “the first person to do so”. The “second hack was led by two Israeli hackers working for the army.”
He further said he transferred 2,000 bitcoins into his personal account, but “didn’t save anything and blew it up on [a] luxurious lifestyle”. The value of each bitcoin at the time of the hack was around $100-$200 which was “split in two ways with his friend Andy from the U.K.”.
He then claimed to have hacked another bitcoin exchange, BTC-e.com, “which was a major financial profit for me” and stole 3,000 bitcoins (approximate profit: $3-$3.5 million). The exchange was shut down by U.S. agencies in 2017 and its founder Alexander Vinnik is currently serving a prison sentence in France for money laundering.
But where are all these bitcoins? On January 12, 2021, the Bengaluru City Police said they recovered 31.123 bitcoins worth ₹9 crore from SriKi. Investigators changed the password of the wallet that reportedly belonged to the hacker on January 8. However, it did not take long for this claim to unravel.
On January 22, when they reopened the wallet, they were shocked to find 186.8 bitcoins with the wallet reflecting live transactions between January 8 and January 22. Technical experts from Unocoin, whose exchange SriKi is charged with hacking, submitted a report that the accused used public keys of wallets available on the internet to create a wallet and “modified the application to show fake transactions.” They insisted that the wallet was a live exchange.
Following these revelations, former Minister for Information and Technology and Congress MLA Priyank Kharge demanded an inquiry into the fiasco. A senior police official, not involved in the probe, expressed surprise that a departmental probe had not been ordered into it. “The hacker should have been booked for hacking right under the nose of cops,” he said.
Bengaluru City Police Commissioner Kamal Pant said in a statement that “none of the bitcoins were transferred to the police wallet, so none were either recovered or lost.”
Questions have been raised on the failure of the police to charge Sri Krishna on all his claims. None of the multiple chargesheets mentions any of the high value bitcoin hacks, triggering intense speculations of a “cover-up”. “The voluntary statement of the accused in police custody has no evidentiary value, unless corroborated with evidence. We have charged him only with crimes that we found digital footprints for in the electronic devices seized from him and his co-accused, including those not mentioned by the accused in his statement,” a senior police official said.
The CCB has charged him with hacking 10 poker websites and three bitcoin exchanges, but not Bitfinex and BTC-e. The CID has chargesheeted him for hacking the government e-procurement portal and stealing ₹11.5 crore.
Police estimates peg the profits the hacker claimed to have made through hacking as on the date of the crime at ₹72.9 crore, of which he has now been charged only for crimes worth ₹14.2 crore — ₹2.70 crore by CCB and ₹11.5 crore he stole from the government e-procurement website chargesheeted by CID.
“Despite our best efforts, we were unable to find corroborative evidence to all the claims he has made in his statement. They may either be tall claims with no factual basis, or he may have used other electronic devices we haven’t been able to lay our hands on and later destroyed them,” said a senior CCB official. The Enforcement Directorate that has also taken up a probe has failed to nail the hacker down, so far. A senior ED official who has questioned SriKi multiple times said the hacker was very dodgy. “He suffers from withdrawal symptoms as he is habituated to narcotics. He makes tall claims, but is rarely coherent and consistent,” he said.
The bigger picture
As the newly anointed Chief Minister faced the first test of his political leadership during the bypolls in his home district, Hangal, the BJP lost the hotly contested seat and political circles were abuzz with a “bitcoin scam involving two senior BJP functionaries in the State”. According to claims, mostly coming from a faction-ridden BJP, investigative agencies in the U.S. flagged the case with their Indian counterparts during Prime Minister Narendra Modi’s visit to the country in September.
The Hindu could not independently verify these reports. Amid these rumours, Bommai met the Prime Minister in New Delhi on November 11. After the meeting, the Chief Minister claimed that despite attempting to raise the issue, the Prime Minister cut him short and asked him “not to worry about the bitcoin scam allegations.”
Leader of Opposition Siddaramaiah was the first to question the Chief Minister openly on the alleged scam saying there were strong suspicions of a “cover-up”. Bommai has aggressively defended the government claiming they were the ones who arrested the hacker, uncovered the crimes while the Congress government had not probed him when he was a co-accused in the UB City assault case.
“Congress leaders are making baseless allegations. A thorough probe would only lead the agencies to the sons of Congress leaders,” Bommai said. He also claimed the government had nothing to hide and they had flagged the case to the Enforcement Directorate (March 3, 2021) and the Interpol Division of the Central Bureau of Investigation (April 28, 2021). Questions have now been raised on the delay in alerting central agencies, especially since the hacker had been arrested in November 2020.
The smoking gun
Movement of large caches of hacked, stolen and blacklisted Bitfinex coins, when SriKi was in custody, has emerged as the smoking gun and is being speculated as an indication of the scam.
On November 30, 2020, when SriKi was in CCB custody, blockchain tracker and analytics service Whale Alert flagged 14 transactions where 5,045.48 bitcoins from the Bitfinex hack were moved to unknown wallets. In a second tranche of transactions, on April 14, 2021, when SriKi was in judicial custody, Whale Alert flagged 69 transactions where 10,057.47 bitcoins were moved to unknown wallets, the biggest tranche of transactions of these stolen bitcoins since 2016. At the time, the value of bitcoins moved was estimated to be over ₹5,000 crore.
Though no one will come on record, political circles are abuzz that several prominent politicians and cops were beneficiaries of these bitcoin transactions. “Whether some of the transferred bitcoins were from Sri Krishna should be a matter of an independent investigation,” said Randeep Singh Surjewala, AICC general secretary in-charge of Karnataka.
However, as of now there is no evidence but for his claim to link Sri Krishna to the Bitfinex hack. City Police Commissioner Kamal Pant in a statement on November 13, dismissed links to the Bitfinex hack and the reported recent transactions of the hacked coins. “The claim made on Whale Alert that stolen bitcoins were transferred is completely unsubstantiated. And there is nothing to suggest it had originated from Bengaluru,” the statement said.
Police further said representatives of Bitfinex company had neither shared any details of the alleged hack nor sought any information so far.
The Opposition Congress has now demanded a Supreme Court-monitored probe into the scam and the alleged cover-up by a Special Investigation Team (SIT). The BJP government has said since the central agencies were already probing the case, this was unnecessary. The alleged scam is only expected to become the litmus test for Bommai as the winter session of the Karnataka Legislature begins.