Despite making a public announcement in January 2021 it seized 31 Bitcoins worth Rs nine crore from a hacker arrested in November 2020, the Bengaluru police have not shown the seizure in a chargesheet filed the following month. The chargesheet related to the illegal hacking activities of the hacker Srikrishna alias Sriki, 26.
One of the primary reasons for a cloud of suspicion of corruption around cases involving the hacker — which has now become a source of concern for the BJP government in Karnataka —is the disappearance of these 31 Bitcoins. The whole episode has highlighted the lack of protocols and expertise within the police in handling new age crimes involving crypto currencies and the dark net, police sources said.
According to multiple sources in Bengaluru police, the hacker tricked the police into believing he had transferred the Bitcoins (claimed to have been acquired by hacking three Bitcoin exchanges) to a police wallet for seizure.
The Bengaluru Central Crime Branch police had obtained permission from the state Chief Secretary to create an e-wallet and use experts from the Indian Institute of Science to oversee the seizure. It, however, found later that the hacker falsely claimed possession of Bitcoins that were actually located in a bitcoin exchange online into which he had gained some access, police sources said.
Following his arrest in November 2020 – in a case of buying drugs on the dark net with Bitcoins – the police had announced the seizure of 31 stolen Bitcoins worth Rs nine crore – the largest Bitcoin seizure in a crime in Bengaluru.
In January 2021 when Union Home Minister Amit Shah visited Bengaluru to launch a slew of police projects in Karnataka, the police held an exhibition to showcase the arrest of Srikrishna alias Sriki. A statement at the exhibition with Sriki’s picture said he had “hacked 3 Bitcoin exchanges and 10 poker websites. Bengaluru police have so far seized Rs 9 crore worth of bitcoins from him”.
The charge sheet filed on February 22 only shows seizure of Apple Macbooks, iphones and other computer devices belonging to the hacker and four of his associates. Police sources said no seizures of Bitcoins had been shown because Srikrishna had tricked crime branch officials into believing he was going to transfer Bitcoins in his possession to a police wallet.
“He showed us the presence of 31 Bitcoins. He provided a primary password on a site and showed the presence of 31 Bitcoins. Based on this disclosure, a seizure procedure was initiated. When we looked at the wallet again, there were over 180 coins and we realised he was falsely claiming possession of coins in a Bitcoin exchange,” a police source said.
A senior police officer said the Karnataka police does not have any stipulated procedural guidelines for seizure of crypto currencies if they are found in the course of crime investigations. “Ideally, a physical wallet – not connected to the Internet – should be used to carry out seizures of Bitcoins in the possession of the accused. This can prevent rigging of e-wallets,” the officer said.
According to a private cyber crime expert who occasionally works with the police in most cases, as many as six confirmatory passwords are required for transfer of crypto currency from one wallet to another while the minimum number of authorisations is three.
One of the issues in the case of Srikrishna was that his knowledge of computer systems and hacking was much higher than that of police officials and others which led to the police being easily misled, the sources said. “The seizure of the Bitcoins was done in the presence of the hacker himself. The police should have seized it independently with experts,” said another police source.
In a statement to the police after his arrest in November 2020, Srikrishna claimed to have been involved in the hacking of three international Bitcoin exchanges – Bitfinex, BTC-e.com and Mpex – to gain access to over 5,000 bitcoins (now worth over $300 million) and several poker gaming sites to rig poker games in favour of his associates or to extort the companies.
Police sources said the public announcements of the seizures of 31 bitcoins worth Rs nine crore were made in the case against Srikrishna before the seizures were properly confirmed.
The disappearance of the 31 Bitcoins claimed to have been seized by the police and hacker’s claim of stealing over 5,000 Bitcoins through the hacking of Bitcoin exchanges has raised suspicion of corruption in the handling of the international hacker’s case. The opposition Congress in Karnataka has questioned the BJP government over the disappearance of Bitcoins in the case.
“In chargesheet filed by CCB police, it is recorded that the accused looted 5,000 bitcoins through unethical hacking. Who holds these bitcoins now? Have they got it transferred to accounts of investigating agencies? Or are they clueless?” Congress leader Siddaramaiah said on social media a few days ago.