The Enforcement Directorate (ED) has filed a sprawling 3,500-page prosecution complaint before a special PMLA court in Bengaluru, laying out what it calls a “sophisticated network” blending high-level hacking, darknet operations, cyber extortion and multi-crore cryptocurrency laundering. The charge sheet names serial hacker Srikrishna Ramesh, alias “Sriki”, crypto trader Robin Khandelwal, businessman Sunish Hegde, a private IT firm and two of its officials as accused in a case that spans breached government portals, crypto exchanges and online gaming platforms.
From government portals to poker sites: the alleged breach chain
According to the ED, Sriki, described as a highly skilled software programmer, exploited vulnerabilities in national and international cryptocurrency exchanges, online gaming and poker platforms, and corporate servers. He is accused of breaching the Karnataka government’s e-procurement portal and siphoning off about ₹11.5 crore in two transactions, besides hacking the Unocoin exchange and several major online poker platforms. The agency alleges that stolen virtual digital assets such as Bitcoin were then “layered” and offloaded through multiple international crypto platforms to obscure their origin.
The prosecution complaint details how Robin Khandelwal allegedly acted as a key conduit, converting illicit digital assets into fiat currency through over-the-counter deals and crypto-trading channels. Investigators claim Sunish Hegde conspired with Sriki to extort money from hacked companies by negotiating with them after the breaches, while Infinzy Solutions and two officials are accused of facilitating the transfer of funds stolen from a poker site. The three main accused were arrested in May and are in judicial custody at Parappana Agrahara Central Prison, with the ED citing digital evidence, blockchain analysis and bank records to support its case.
Darknet links and ongoing money trail probes
The 3,500-page document reportedly sketches connections between Sriki’s hacking operations and darknet marketplaces, building on earlier investigations that noted his use of the darknet to purchase drugs using Bitcoin. About ₹7 crore of the ₹11.5 crore siphoned from the e-procurement portal has been traced, with around ₹2 crore formally attached and another ₹5 crore frozen in various bank accounts; the remaining ₹4.5 crore is still being tracked. The ED says its probe into the movement and use of the alleged proceeds of crime is continuing, even as the prosecution complaint functions as the equivalent of a police charge sheet under PMLA.
For regulators, the Sriki case underscores how advanced technical skills, weak spots in government and corporate platforms, and an evolving crypto ecosystem can intersect to create large-scale financial crime. The dossier highlights the need for stronger blockchain forensics capacity, tighter oversight of informal crypto-OCT channels, and better coordination between cybercrime units, the ED and financial intelligence agencies. As India’s digital economy expands, securing e-governance portals, exchanges and gaming platforms is becoming not just an IT issue, but a core element of financial integrity and national cybersecurity strategy.