Daijiworld Media Network – New Delhi

New Delhi, Nov 18: A major Ministry of Home Affairs (MHA) analysis has uncovered what investigators describe as India’s most advanced financial laundering network, with 27 cryptocurrency exchanges flagged for routing Rs 623.63 crore of cybercrime proceeds from 2,872 victims in just 21 months.

The findings, derived from National Cybercrime Reporting Portal (NCRP) data, show that scammers used fake trading and investment apps to lure victims and then quietly converted the money into digital assets. “Funds were layered through dozens of wallets without victims realising what was happening,” an official said. The Indian Cyber Crime Coordination Centre (I4C) has now circulated an internal list of these Virtual Asset Service Providers (VASPs) to enforcement agencies and the Financial Intelligence Unit (FIU).

According to I4C, Rs 200 crore from 1,608 complaints this year and Rs 423.91 crore from 1,264 cases last year were funnelled through Indian VASPs. Officials say the total volume is “only the tip of the iceberg”, highlighting how even FIU-registered exchanges remain vulnerable to exploitation.

Among those flagged are CoinDCX, WazirX, Giottus, ZebPay, Mudrex and CoinSwitch, mainly due to their market dominance. Several platforms, however, denied wrongdoing. CoinSwitch stated it operates in a “fully ringfenced and compliant environment”, while CoinDCX said it cannot share case specifics but follows stringent MPC wallet protocols. Many exchanges stressed that they merely facilitate lawful trades and cannot be held liable for criminal intent of users.

Mudrex’s India head Pranjal Agarwal said all FIU-registered platforms have strengthened KYC and AML checks since 2023. Giottus CEO Vikram Subburaj compared the scenario to criminals using food delivery apps—“It does not make the platform complicit,” he said.

However, investigators pointed out that beyond compliance lapses, issues like poor grievance redressal, withdrawal delays, accounting inconsistencies and platform glitches, along with recent breaches at major exchanges, have shaken public trust.
WazirX — hit by a $235M hack in July 2024 — blamed a compromised third-party custody server and said it has since repaid 85% liabilities and partnered with BitGo for $250M insurance cover. ZebPay also reaffirmed its strong KYC, AML and cybersecurity protocols.

Officials say part of the problem stems from the foreign ownership structures of several Indian exchanges, which operate in what industry insiders describe as a “trust and oversight vacuum.” Some leaders attribute offshore setups to ease of fundraising and the regulatory uncertainty after the 2018 RBI ban.

Meanwhile, the Directorate General of GST Intelligence (DGGI) noted that reluctance from some platforms to pay 18% GST further strained trust. By December 2024, the Finance Ministry had recorded Rs 824.14 crore in GST evasion across 17 exchanges.

The Enforcement Directorate and FIU are now examining whether Indian intermediaries are functioning as “crypto mules,” converting scam proceeds into tokens for commissions, and whether compliance failures enabled unverified users to bypass KYC norms.

I4C also identified the two largest fraudulent transfers:

• Rs 10.09 crore through UK/US-based Onlychain Vilnius
• Rs 8.13 crore through Mauritius-based Ezipay Ebene

Ezipay denied being a crypto service, saying all its transactions are regulated card-based remittances. Onlychain Vilnius did not respond to queries.

Investigators warn that as India’s crypto ecosystem expands, so do the methods used by cybercriminals — making robust oversight and deeper scrutiny more crucial than ever.