A tale of the ‘recovered’ bitcoins
The Bengaluru police, who claimed to have recovered “31 bitcoins worth ₹9 crore” from hacker Sri Krishna in January, later claimed the recovery was not made and that the hacker hoodwinked them. This has now raised several questions.
The police, in a press statement on January 12, claimed to have “recovered and seized” the bitcoins from Sri Krishna, who had hacked “three bitcoin exchanges, 10 poker websites, and four other websites, including Government of Karnataka’s e-procurement website”. The recovery of bitcoins created considerable buzz as it was the first time bitcoins were recovered. “Since there is ambiguity on its legal sanctity, we got the State Government to issue a Government Order to recover the bitcoins,” a senior official said.
On January 8, in the presence of an Indian Institute of Science professor and officials from Unocoin, a bitcoin exchange, Sri Krishna was charged of hacking. A panchnama, a copy of which is with The Hindu, was conducted in which the police changed the password of the bitcoin wallet identified as that of the hacker to “owned 123” for safekeeping of bitcoins. It had 31.123 bitcoins.
However, it did not take long for it to come undone. As the Government Order had directed the police to sell the bitcoins and recover the money, the wallet was reopened to transfer the bitcoins to a wallet created by the city police on January 22. Inexplicably, the wallet contained 186.811 bitcoins. The wallet had live transactions during January 8 to 22. These bitcoins were “transferred” to the police wallet and the pop-up showed it was a success. However, the transaction ID was not visible on the blockchain explorer, which essentially meant the transaction never happened, the panchnama said.
Unocoin submitted a forensic analysis of the failed transaction – part of the chargesheet – which says the accused used public keys of wallets available on the internet to create a wallet and “modified the application to show fake transactions”. “Going by the number of frequency of transactions, the said wallet seems to be a Live Exchange wallet”, said Unocoin in their report. The wallet did not belong to the accused at all, police say.
Former IT Minister and Congress leader Priyank Kharge questioned the panchnama process. “For such a technical panchnama, a junior lineman and powerman were called as panchas in the first instance and two commercial tax officers in the second instance,” he pointed out. “Now that these bitcoins were not transferred to the police wallet, where are these bitcoins (31.123+186.811 bitcoins worth around ₹100 crore) now,” he questioned on Friday. “It is stated that neither any bitcoins were transferred from the account of Sri Krishna, nor any bitcoin was lost,” the police said in a statement on Saturday.
Several officials not involved in the probe also point to lapses in the process followed by the city police. “It is puzzling as to why the police approached the government and not the court on the modalities of recovery,” an official said. Many also question as to why no inquiry was not conducted over the fiasco. If the official version is to be believed, at least there should have been a fresh case against the accused as it amounts to hacking right under the nose of officials, an official said.