Back

Crypto Trader Arrested for Laundering Hacking Proceeds in Major Cybercrime Case

Severity: High (Score: 66.5)

Sources: Newindianexpress

Published: 2026-06-05 · Updated: 2026-06-05

Keywords: sriki, crypto, trader, robin, khandelwal, laundering, proceeds

Summary

Srikrishna, a notorious hacker, continued his criminal activities despite multiple FIRs since 2017. He collaborated with crypto trader Robin Khandelwal to launder proceeds from hacking operations, including stealing virtual digital assets. The Enforcement Directorate (ED) discovered that Khandelwal facilitated cross-border payments and operated multiple crypto accounts for laundering. Evidence from WhatsApp chats revealed Khandelwal's involvement in changing domain ownership and making payments in bitcoins without disclosing their source. The ED's investigation led to Khandelwal's arrest on June 5, 2026, as he failed to provide necessary financial documentation. The total amount laundered is estimated to be in the crores, with significant sums tied to stolen cryptocurrencies. The investigation continues as authorities trace the flow of illicit funds. Key Points: • Srikrishna has been hacking and laundering proceeds since 2016, despite multiple FIRs. • Robin Khandelwal was arrested for facilitating the laundering of stolen virtual assets. • The ED found evidence of cross-border payments and undisclosed crypto accounts linked to Khandelwal.

Detailed Analysis

**Impact** The cybercrime operation affected multiple sectors including online gaming and cryptocurrency trading, with stolen virtual digital assets (VDAs) totaling approximately 76.044 BTC (Rs 3.35 crore) and 100 Ethereum (Rs 50.34 lakh). The financial damage includes Rs 70 lakh siphoned from the Pokerbaazi gaming site and Rs 2 crore extorted from its owners. The scope extends internationally, involving cross-border payments and UK-based business entities, impacting financial services and digital asset platforms across India and abroad. **Technical Details** The attack vector involved hacking of websites, notably the Pokerbaazi online gaming platform, and theft of VDAs. Tactics included use of e-SIMs and VPN services (Proton VPN) for operational security, cloud infrastructure on Amazon Web Services, and laundering through multiple bank accounts and crypto trading platforms. The threat actors utilized foreign crypto exchanges and wallet services such as Mobikwik, Moneypolo, and Wise.com, with no specific CVEs or malware detailed. The kill chain stages covered initial access, asset theft, money laundering, and obfuscation of proceeds via layered transactions and offshore entities. **Recommended Response** Monitor for unauthorized use of e-SIMs and VPN subscriptions linked to suspicious accounts. Deploy detections for anomalous cloud service usage, especially AWS instances associated with crypto asset transactions. Enforce strict KYC and transaction monitoring on crypto trading platforms to detect layering and laundering patterns. Investigate and block domains and wallets linked to identified entities such as Sigma Trading Corporation Ltd and Supriore Solutions Ltd. No specific patches are indicated; focus on transaction and network monitoring to detect similar laundering activities.

Source articles (2)

  • Despite FIRs, Sriki continued to hack, bought software tools — Newindianexpress · 2026-06-04
    BENGALURU: Despite multiple FIRs registered since 2017 onwards and chargesheets filed, notorious hacker Srikrishna aka Sriki continued to indulge in criminal activities associated with offences such a…
  • ED arrests crypto trader Robin Khandelwal for laundering Sriki's hacking proceeds — Newindianexpress · 2026-06-05
    BENGALURU: Investigation by the Directorate of Enforcement (ED) disclosed that crypto trader Robin Khandelwal is the main conduit used by hacker Srikrishna aka Sriki, for laundering proceeds of crime…

Timeline

  • 2017-01-01 — Multiple FIRs filed against Srikrishna: Srikrishna faced charges for hacking, extortion, and theft of virtual assets, starting a long investigation.
  • 2026-05-01 — ED interrogates Khandelwal: Khandelwal provided evasive answers regarding his financial activities during questioning under PMLA.
  • 2026-06-05 — Khandelwal arrested by ED: The ED arrested Robin Khandelwal for laundering proceeds from Srikrishna's hacking operations, revealing extensive financial misconduct.

Related entities

  • Data Breach (Attack Type)
  • Pokerbaazi (Company)
  • Amazon Web Services (Company)
  • Namecheap (Company)
  • India (Country)
  • Netherlands (Country)
  • dharmasthala.org (Domain)
  • wise.com (Domain)
  • Mobikwik (Tool)
  • Moneypolo (Tool)
  • Proton VPN (Tool)
  • WhatsApp (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed