A 26-year-old Indian hacker from Bengaluru, named Srikrishna Ramesh, was recently confirmed to have attempted stealing Rs 46 crore by hacking the Karnataka government’s e-procurement cell’s computers and successfully acquiring about Rs 11.5 crore from it, based on a charge filed by the law enforcement in February.
Srikrishna is also among the top Bitcoin hackers in Karnataka.
According to a statement that the Indian hacker had explained to the authorities, he claimed to have done the hacks while on vacation in the Himalayas. Moreover, he claimed to have attempted to steal about Rs 46 crore in the hack but could only acquire Rs 11.5 crore. His initial plan was to have two accounts wherein the first one would hold the Rs 18 crore and the other Rs 28 crores.
Back in 2019, complaints were filed by the Karnataka government’s e-procurement cell officials about a stealing attempt of unidentified criminal actors who were able to gather Rs 11.5 crore.
The Indian hacker said that the authorities had refunded the stolen amount after they learned about the suspicious transaction.
Srikrishna also added that he did not profit from the theft after the police had seized all the stolen money. He was arrested back in November 2020 on charges of buying illegal drugs using Bitcoins in the darknet.
Furthermore, five others were also identified by the police who were linked to Srikrishna by using his services on the e-procurement cell’s funds hack. These five include a law student, a doctor’s son, an accountant’s son, and a former bank director’s two sons.
Some sources told the police that most of the stolen funds were sent via the hawala route to the group to sustain their high life living. Srikrishna also added that one of his associates had been able to collect Rs two crore. Despite not profiting from the latest hack that he was charged against, Srikrishna said that his past crimes had him experience luxurious living through enjoying 5-star hotels and grand vacations.
Remote code execution vulnerability exploitation
The Indian hacker has detailed his latest hack to the authorities by explaining that he got access to the procurement site by exploiting a vulnerability he had found in remote code execution. The access allowed him to acquire valuable data, such as transaction details, payment amount, bidders account numbers, bid reference, IFSC codes, etc.
As of now, authorities are still in the process of finalising Srikrishna’s charge sheet about the e-procurement cell attack, including his past crimes related to Bitcoin theft and ransomware attack allegations.
