Karnataka Bitcoin scam: cyber expert undergoes scientific tests as SIT hunts for trail of missing cryptocurrency
To find the trail of Bitcoins suspected to have disappeared from the wallets of an international hacker after his arrest in November 2020, a Special Investigation Team has administered scientific tests to a cyber expert who had assisted the Bengaluru police in its investigation.
The SIT carried out brain mapping and polygraph tests on Santhosh Kumar K S, the CEO of Group Cyber ID Technologies (GCID) who had assisted the Bengaluru Central Crime Branch (CCB) police in the investigations against hacker Srikrishna Ramesh alias Sriki, 29, in 2020, police sources said.
The scientific tests were conducted to ascertain the whereabouts of two of three nano ledgers or hardware crypto wallets that were bought at the behest of the cyber expert and reportedly used to transfer cryptocurrency when Srikrishna was in police custody.
Santhosh Kumar was arrested in February by the SIT in the Bitcoin scam and is specifically accused of illegally accessing the crypto wallet of Robin Khandelwal, an accountant and associate of Srikrishna, to transfer Bitcoin of the value of Rs 1,83,624 to his own crypto wallet, following the arrests of the duo in 2020. The transaction was allegedly facilitated by police officers who were investigating the hacker.
In recent weeks the SIT has referred to voluntary statements of the hacker Srikrishna and two technical experts who were witnesses in the case in 2020 to suggest that CCB police officers possibly facilitated the illegal accessing of crypto wallets containing 4,000 Bitcoins worth nearly Rs 850 crore belonging to the hacker following his arrest.
Sources said the SIT conducted the polygraph and brain mapping scientific tests on the basis of court orders and with the consent of the cyber expert. The tests are expected to indicate whether the cyber expert has knowledge of the fate of the Bitcoins found with the hacker in 2020.
Narcoanalysis not carried out
While a narcoanalysis test was also proposed and cleared, it was not carried out on account of the health condition of the cyber expert, sources said.
Advertisement
The SIT has alleged during the earlier bail arguments of Santhosh Kumar and other cyber experts that the services of the experts were used to delete the bash history on the Amazon web server where the crypto wallets of the hacker were located.
“As a result crucial information on the Bitcoin wallets in the Amazon Web Server was erased and put out of reach of investigations,” the SIT alleged earlier this year.
The SIT has also found that when Srikrishna was in custody, Santhosh Kumar obtained three nano ledgers or hardware crypto wallets from Surat through his associates, which were given to a police officer Prashanth Babu, who is an accused in the Bitcoin scam.
A large quantity of Bitcoins that were in Srikrishna’s wallets were transferred to these hardware wallets in January 2021, the SIT has alleged. The SIT has reported the recovery of one of the three hardware crypto wallets from Prashanth Babu and is seeking to find the two other hardware crypto wallets allegedly used for the transfer of the Bitcoins.
Advertisement
“There is information about the transfer of Bitcoins and wallets of Sriki to nano ledgers (hardware crypto wallets),” the SIT said during bail arguments in court proceedings.
Cyber expert in investigations
Santhosh Kumar’s services were often used by the Bengaluru police in cyber cases between 2015 and 2021. Apart from GCID, which he operated in Bengaluru, the cyber expert is also linked to a few other firms in Karnataka. He started a company called Geek Studio in Dubai in December 2022 along with a Bengaluru associate. “He had worked previously in Dubai and had business contacts,” a source said.
The Bitcoin scam from the BJP tenure of 2019-2023 is widely believed to have political ramifications. The SIT was constituted in July 2023 by the Congress government following allegations of large-scale corruption in handling the hacker’s cases by the police department under BJP rule.
After he was arrested in 2020, Srikrishna revealed to the police, as per documents including his voluntary statements filed in the courts, that he was in possession of a large amount of Bitcoins. He claimed that the police had pressured him into giving away the Bitcoins to them.
Advertisement
“I understood the case scenario that even if I do not give them the Bitcoins, they can use forensic methods to find the Bitcoins after a talk with the investigating officer. So post consultations, I voluntarily [agreed] to give away the Bitcoins which I had kept in various wallets in different cryptocurrencies,” reads a statement attributed to Srikrishna which is a part of the chargesheet in one of the hacking cases filed against him in 2021.
At the time of the hacker’s arrest in 2020, the value of one Bitcoin was in the range of $25000 (around Rs 20 lakh) and it soared to as high as $60,000 (around Rs 50 lakh) by April 2021.
The SIT has attempted to ascertain the veracity of the allegations made by the hacker that police officers took away his cryptocurrency following his arrest.
The SIT has filed a case of destruction of documents and cheating against officers of the Bengaluru CCB police in connection with the alleged manipulation of electronic devices seized from Srikrishna and his associates.
Advertisement
Forensic evidence
The SIT quoted a digital forensics report from the state forensic science lab dated February 20, 2023, to say that an Apple Macbook and a hard disk seized on November 17, 2020, by the police were found to have been tampered with between November 18 and 20. A second Macbook, seized on November 19, 2020, was tampered with between November 20 and 21, it is alleged.
Citing a CDAC forensic report dated January 23, 2024, the SIT has stated that one of the laptops seized from Srikrishna on November 17, 2020, was used to access crypto wallets at cryptocurrency websites and to access online gaming platforms while it was in police custody.
The report also found that anonymising tools were used to conceal online activities, data manipulation, transfer of files to external devices, deletion of history—which amounts to tampering of digital evidence—the SIT has said.
The SIT was constituted by the Congress government in June 2023 to investigate the alleged Bitcoin scam where cryptocurrency worth crores of rupees, allegedly stolen by Srikrishna from international exchanges and gaming sites, were in turn pocketed by police and politicians after the hacker’s arrest in 2020.
Advertisement
Multiple hacking cases
Srikrishna is accused of multiple hacking crimes in India too, including the extortion of money from gaming sites like Poker Baazi in 2020, the theft of Rs 11.5 crore from the Karnataka e-procurement portal in 2019 and 60.6 Bitcoins worth Rs 1.64 crore in 2017 from the Unocoin cryptocurrency exchange in the state.
Srikrishna and his accountant Robin Khandelwal were arrested by the Bengaluru CCB police in November 2020 on charges of buying drugs online using Bitcoin.
The handling of the cases involving the hacker by the police under the BJP regime in Karnataka after the arrests in November 2020 resulted in allegations of corruption by the Congress when it was in opposition between 2020 and 2023.
There are allegations of police officials grabbing a large cache of Bitcoins that was found in the crypto wallets of Srikrishna after his arrest.
Advertisement
After the SIT was constituted two FIRs were filed in August 2023 and January 2024 with respect to the tampering of evidence and alleged illegal confinement of the hacker and his associate by the police in 2020-21.
The SIT has arrested four former Bengaluru CCB police officers—Prashanth Babu, Chandradhar S R, Lakshmikanthaiah and Sridhar Pujar—in the two cases. It also arrested Santhosh Kumar, the cyber expert. The police officers and the cyber expert have been granted bail by courts.