© The Indian Express Pvt Ltd
Tags:
Journalism of Courage
Investigations by Indian authorities into how cryptocurrency is used to funnel money stolen through cybercrimes to transnational syndicates have led them to a recurring maze —from anonymous digital wallets to blacklisted crypto exchanges in Dubai, onward to similar exchanges in Cambodia, and finally to Chinese scam networks.
This is the key takeaway from an analysis of at least 144 cases by Indian Cyber Crime Coordination Centre (I4C), the Union Home Ministry’s cyber fraud unit, according to records reviewed by The Indian Express as part of The Coin Laundry — an investigation in association with the International Consortium of Investigative Journalists (ICIJ) on how the crypto industry has profited from illicit financial flows.
Sources told this newspaper that I4C has traced the footprints of these cyber-financial flows to five countries: Pakistan, China, Dubai (UAE), Cambodia and Myanmar.
According to officials, the crypto link is just one facet of a broader probe into cybercrime in the country that is estimated to have generated Rs 16,649.89 crore in just ten months this year alone — closing in fast on the estimated Rs 22,845.16 crore across 2024.
“These cross-border connections show how cybercriminal groups have built transnational ecosystems leveraging decentralised digital asset frameworks. The challenge is not just financial tracing but disruption of unregulated networks and blacklisted exchanges that operate beyond formal jurisdictions,” a senior security official told The Indian Express.
In presentations made to top officials in the security apparatus, sources said, cybercrime investigators have underlined a specific case from Ghaziabad as an illustrative example of how money siphoned from cybercrimes is “converted into cryptocurrency and then transferred” abroad under the regulatory radar.
This case involves a hawala operator who funelled about Rs 1.30 crore in cash derived from cybercrimes, which finally ended up with Chinese networks engaged in online investment frauds, financial traps and illegal gambling.
Investigators found that the operator withdrew the money from multiple “mule accounts” and converted it to digital assets in Delhi through over-the-counter traders, who operate outside a centralised exchange, and peer-to-peer channels in which two parties transact directly without an intermediary. Mule accounts are bank accounts used for illegal activities, typically taken over by criminals either by paying the original account-holders or duping them.
The Ghaziabad operator then transferred the cryptocurrency to a Dubai-woman’s unhosted digital wallet — a non-KYC wallet outside the regulated exchange system. From there, the trail led to Huione Pay, a Cambodia-based exchange blacklisted for allegedly aiding cross-border financial crimes. The funds routed through Huione Pe were later accessed by Chinese networks.
According to official data (see chart), I4C examined 28 such cases in 2023, 45 in 2024 and 127 this year until September 30. In case after case, sources said, they found direct or indirect operational links with Pakistan, China and Dubai-based entities suspected to be laundering fraud proceeds through cryptocurrency. “We found that money was being collected in the name of terror financing, separatist movements, Covid funding, investment frauds and multi-level marketing scams,” an official said.
Links to Al Qaeda, Hamas
On the larger cybercrime map, investigators have traced the proceeds of crime to groups such as Al Qaeda.
Citing the Rs 500-crore Power Bank loan app scam, where investors were duped after being promised high returns, an official said, “At least 13 accused entities collected nearly Rs 342 crore from investors within a short span of time, between March 2021 and May 2021. The accused neither paid interest nor returned the principal amount, closed their purported business after collecting a huge sum of money and went incommunicado,” another official said.
“The probe revealed that Al Qaeda and Hamas were allegedly funded by laundered money. It was also found that funds were routed through a Chinese cryptocurrency exchange,” the official said.
Officials also point to a case registered in 2019 by a Delhi resident who alleged that cryptocurrency worth Rs 30 lakh was stolen from his digital wallet. They said that the trail led to Giza in Egypt and Palestine, including digital wallets linked to Al Qassam Brigades (the military wing of Hamas) that were already on the radar of Israeli authorities,” the official said.
Several other such cases have been traced to Jharkhand, Odisha, Bihar and the Northeast. Apart loan and multi-level marketing scams, they include cases “Rug Pulls”, where a cryptocurrency operator hypes a project to attract investor money before shutting down suddenly and disappearing. “The money generated from scams exceeds Rs 3000 crore and we have found links to Dubai, Russia, Indonesia and Bangladesh,” the official said.
According to I4C data, cyber scams targeting Indians are mainly run by Chinese operators from high-security compounds in Southeast Asia, where victims of human-trafficking, including Indians, are put to work. “The Indian economy faces a loss of over Rs 1,000 crore every month to such crimes. Over 20,000 Indians are estimated to be working in these scam compounds situated in Southeast Asia… After the pressure from many countries, especially the US, the business has started shifting to Dubai,” the official said.
Probing the Dubai link, officials said they have found a common pattern. “Cybercrime proceeds are deposited in Indian accounts and the linked ATM cards are used in Dubai to withdraw cash in dirhams, the local currency. This money is then used to purchase cryptocurrency,” the official said.
The Ministry of Home Affairs (MHA) did not respond to a questionnaire from The Indian Express detailing these findings and seeking to know what measures are being taken to tackle the use of cryptocurrency to funnel the proceeds of cyber crime.
