You are using an older browser version. Please use a supported version for the best MSN experience.

1st person to crack Bitfinex, multiple hacking scams: Karnataka hacker's tell-all statement to police | Exclusive

India Today logo India Today 12-11-2021 Nagarjun Dwarakanath
1st person to crack Bitfinex, multiple hacking scams: Karnataka hacker's tell-all statement to police | Exclusive 1st person to crack Bitfinex, multiple hacking scams: Karnataka hacker's tell-all statement to police | Exclusive

In a tell-all statement to the Karnataka Police, the prime accused in the Bitcoin scam, Srikrishna Ramesh, aka Sriki, revealed that he had hacked Bitfinex twice during his stay in the Netherlands and was the first person to do so. Bitfinex is a cryptocurrency exchange based in Hong Kong.

"Bitfinex was my first big bitcoin exchange hack; the exchange was hacked twice, and I was the first person to do so. The second instance was a simple spear-phishing attack that led to two Israeli hackers working for the army getting access to the computers of one of the employees, which gave them access to the AWS cloud account."

Explaining how he managed to hack the bitcoin exchange, he said, "I exploited a bug in the data centre which gave me KVM (Kernel-based virtual machine) access to the server. I rebooted the server into GRUB mode, reset the root password, logged in, and reset the withdrawal server passwords and routed the money via bitcoin to my bitcoin address."

He said he made a profit of around 20008 BTC (bitcoin) but could not save any of it as he splurged the money on his luxurious lifestyle.

Read: PM asked me to work with loyalty in interest of Karnataka, didn't discuss bitcoin scam: CM Basavaraj Bommai

He said, "I didn't save anything. Blew it up on the luxurious lifestyle which I continued by spending around Rs 1 to Rs 3 lakh a day on alcohol and hotel bills on average. The price of bitcoin during the time of this hack was around $100 or $200, which I shared with my friend Andy from the UK."


Srikrishna Ramesh said he hacked into the Karnataka government's eProcurement site in 2019. He said, "I exploited a remote code execution vulnerability and got access to the bidder information and downloaded all the files relating to the bids happening at that moment. The hack allowed me to download excel files containing the transaction details, bid reference, payment amount, IFSC codes, account numbers of bidder, etc."

"We hacked this site in 2019 and made three separate transfers. Two of the accounts were given to me by Hemanth Mudappa for a total of Rs 18 crore in one account and Rs 28 crore in the other. Hemanth claimed he collected Rs 2 crore from an entity called Ayub, whom I do not know. However, the CID claims that Rs 11 crore was collected by Hemanth Mudappa."

"I initiated the second transfer of Rs 28 crores while sitting in the Himalayas - Ananda spa and resort as per the instructions of Sunish Hegde. This transaction was presumably refunded because the government apparently got to know about the dubious nature of the transaction. I did not earn any profit from this; however, I did enjoy the proceeds of the crime by living in 5-star hotels and enjoying a luxurious lifestyle from the proceeds of the same."

Read: Karnataka Bitcoin Scam: Meet 'Big Boss' Srikky, the hacker who hoodwinked police


Srikrishna began to take an interest in computers while in Class 4 and later immersed himself in various computer languages and technologies. He hacked into the main website while in school and regularly altered his and others' attendance and marks.

Srikrishna Ramesh engineered his first bot game when he was in Class 4. He said, "During my schooling, I picked up several technical skills which turned out to be useful for several cybercrime-related activities. In Class 4, I learnt the basics of web exploitation, Java, Reverse engineering and wrote my first bot for a game called RuneScape. This was my first attempt at reverse engineering obfuscated games and binary exploitation."

"Between Class 4 and Class 10, I joined an IRC channel of a group of Blackhat hackers who eventually taught me the art of hacking and exploitation. Picking up skills slowly as a script kiddie, learning the basics of databases, SQL injections, Local File Inclusions, Remote file inclusions, Remote code executions, Shells, Web application exploitation and Source code analysis."

"When I was in Class 9, I was promoted to a moderator of the forum and an administrator of the IRC network by my mentor, who is an anonymous entity named "Rose/BigBoss. While running the IRC network, I made several internet friends who changed my life by mentoring me in various other aspects of crime, specifically financial, yet not unethical.

He said by the time he was in Class 10, he made several thousand dollars along with his friend.


Bitclub Network - He hacked into Bitclub networks exchange servers in 2017, got access to main servers, and withdrew around 100BTC.

PPPoker - He hacked this Chinese website in 2017 and 2018 and got access to the database via the admin panel. - As a teen, he hacked into this game and sold gold on the game for money on PayPal and Liberty Reserve, which is a now-defunct website, as the owner of the website was arrested for money laundering and faulty KYC policies. $1 million from this game was spent on hotels and friends.

GGPoker - He said he attempted to hack this website at the behest of Sunish Hegde, who threatened him with dire consequences if he failed to finish the job. Being the top poker website globally at that moment, surpassing even PokerStars, the task was considerably difficult, he said. When the job was done, Sunish went to jail.

These are just a few cases; he has several other hacking crimes to his name. - "This was a major financial profit for me, the owner of this defunct exchange is sitting in jail in France pending extradition to the US," he said. He made a profit of $3-$3.5 million from this.


His luck ran out in November 2020 when some of his associates allegedly went to a post office in Bengaluru to collect a parcel of ganja. According to sources, Srikrishna transferred funds to Robin Khandelwal, who ran a Bitcoin trading service, to purchase drugs on the darknet.

He was then arrested in the drug case, but this opened Pandora's Box. The Bengaluru Police found Srikrishna was involved in multiple other crimes in the city. Furthermore, a CID cybercrime cell probe that was in progress at the same time into the e-procurement cell hacking also unearthed technical evidence linking him to the crime.

The police then claimed to have recovered 31 bitcoins valued at Rs 9 crore from the alleged hacker. However, it is alleged that Srikrishna had misled crime branch officials into believing he had access to bitcoins that were actually in exchange and not in his possession, which led to the claim of the recovery of bitcoins.

Watch Live TV in English

Watch Live TV in Hindi

More from India Today

image beaconimage beaconimage beacon