December 14, 2021 7:11:33 pm
A 26-year-old hacker arrested in Bengaluru last year who made claims of hacking into Bitfinex, a Bitcoin exchange based in the British Virgin Islands, a few years ago, is likely to be a person of interest to the US Federal Bureau of Investigation (FBI) on account of a 2016 police case registered in the US.
The Bengaluru Police arrested Srikrishna Ramesh alias Sriki in November last year in a case of buying drugs on the Internet with Bitcoins and discovered that the accused and his associates were allegedly involved in multiple hacking crimes in India and abroad.
Srikrishna is currently at the centre of a controversy in Karnataka following claims that Bitcoins in his possession were used to pay off police officials and others involved in the investigation of cases against him.
In a voluntary statement given to the police following his arrest in November 2020, Srikrishna has stated at multiple points that he was involved in a hacking incident at the Bitfinex exchange while being part of a hacking group in the Netherlands.
Though the hacker himself has only referred to his involvement in a hacking incident in 2015, when a small amount of around 1,500 Bitcoins were stolen from the Bitfinex exchange, questions are being raised about his alleged link to an August 2, 2016 hacking incident when nearly 1.2 lakh Bitcoins (then valued at around USD $70 million and now valued around USD $7 billion) were stolen from the Bitfinex exchange.
Soon after the August 2, 2016 theft, a police complaint was filed by an unidentified complainant in the US city of Cambridge, Massachusetts, stating that “his Bitcoin account was hacked and $1,300,000 ($70,000,000 in Bitcoins) was stolen”. The complaint — available in online archives of daily logs of the Cambridge city police for September 14, 2016 — was reportedly about the August 2, 2016 Bitfinex hack.
In response to a query by The Indian Express on the status of the case, an official with the Cambridge police department said the case investigations were being led by the FBI.
“The Cambridge resident had an account with a digital asset trading company that was hacked and resulted in the theft of Bitcoins from an unknown amount of their account holders. The company notified the FBI and they were leading the investigation of the hack. The Cambridge resident reportedly was able to recoup money from his losses,” Jeremy Warnick, Director of Communications, Cambridge Police Department, wrote in an email response.
Based on a request for information made by The Indian Express under the FBI’s Freedom of Information/Privacy Acts system, the FBI stated in a response that it has been “unable to identify records” with respect to the Bitfinex exchange hacking incident over which the complaint was filed in Cambridge. Michael Seidel, an official in the information and records dissemination section at the FBI, said “a search of the places reasonably expected to have records” was carried out and “we were unable to identify records” on the Bitfinex hacking case.
In a voluntary statement to the police, Srikrishna spoke about hacking the Bitfinex bitcoin exchange in 2015 and illegally accessing Bitcoins.
“Bitfinex was my first big Bitcoin exchange hack. The exchange was hacked twice and I was the first person to do so. The second instance [in 2016] was a simple spear phishing attack which led to two Israeli hackers working for the Army getting access to the computers of one of the employees which gave them access to the AWS cloud account,” Srikrishna told the police.
According to his statement, Srikrishna made “approx profit: 2000 BTC (Bitcoins)” from the Bitfinex hack and blew up the entire amount on a “luxurious lifestyle”.
The hacker also claimed that he managed on a few occasions to sell the stolen Bitcoins by using concealment techniques to avoid detection.
In an additional statement in a case where he is accused of hacking a poker gaming site, which is attached to the chargesheet in the case, Srikrishna has claimed that he voluntarily agreed to give away Bitcoins that were in his possession to the police. “I understood the case scenario that even if I do not give them the Bitcoins they can use forensic methods to find the Bitcoins, after a talk with the investigating officer. So post consultations, I voluntarily accepted to give away the Bitcoins which I had kept in various wallets in different cryptocurrencies,” reads the statement.
The Bengaluru Police have, however, rejected allegations linking Srikrishna to the 2016 Bitcoin heist.
“He was involved in stealing small amounts of Bitcoins, not large heists, is what we have found,” a senior officer said. “There have been a lot of claims made by him (Srikrishna) but they have not been substantiated during investigations,” the official said.
While Srikrishna has not claimed links to the August 2016 hack, blockchain analysts reported on social media that a large quantity of nearly 12,000 Bitcoins from this theft — worth around $750 million – was moved earlier this year.
When the stolen Bitcoins were allegedly moved on April 14 this year, Srikrishna was in prison in Bengaluru and was released only on April 17.
The Opposition Congress has linked the release of Srikrishna from prison to the movement of Bitcoins stolen in 2016, suggesting that they were used to pay off politicians and police officials.
“In the chargesheet filed by CCB police, it is recorded that the accused looted 5,000 Bitcoins through unethical hacking. Who holds these Bitcoins now? Have they got it transferred to accounts of investigating agencies? Or are they clueless?” Congress leader Siddaramaiah said on social media.
Police, however, have rejected suggestions that Bitcoins stolen from Bitfinex were moved in April from Bengaluru.
“The claim made on Whale Alert (a social media account tracking Bitcoin movements) that 14,682 stolen Bitfinex Bitcoins were transferred is completely unsubstantiated. There is nothing to suggest that it originated from Bengaluru,” police said in an official statement on November 12.
While the Bengaluru Police wrote to the Interpol on April 28, 2021, about the alleged crimes of the hacker, the Karnataka Police or the Bengaluru Police said they have not heard from international agencies so far.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.