The Enforcement Directorate (ED) of India has walked straight back into Karnataka’s long-running Bitcoin scam, and this time the door it knocked on belongs to a sitting Congress MLA’s family.
On Monday, the federal agency’s Bengaluru unit conducted simultaneous searches at around 12 locations across Karnataka in a PMLA case tied to the 2017 crypto hacking and money laundering network run by Srikrishna Ramesh alias Sriki.
Among the premises searched were the residences of Mohammed Haris Nalapad and Omar Farook Nalapad, the two sons of Shantinagar MLA N A Haris, along with the premises of Sriki himself and several other accused.
According to a report by the Times of India, the searches began early Monday morning under the Prevention of Money Laundering Act (PMLA), 2002, and form part of an ongoing investigation initiated on the basis of multiple FIRs and chargesheets filed by Karnataka Police. The underlying offences include hacking of national and international websites, theft of bitcoins, extortion, and violations of the Narcotic Drugs and Psychotropic Substances Act.
For the ED, this is no longer just a cybercrime file. It is a political one.
How ED says the money moved
Officials privy to the investigation laid out the alleged modus operandi in fairly clinical terms. The group, led by Sriki, allegedly hacked into websites and digital wallets to steal virtual digital assets, which were then treated as proceeds of crime under PMLA. Sensitive data and funds were also siphoned off through similar cyber intrusions.
From there, the money moved through a familiar playbook:
- Stolen cryptocurrencies were routed through various crypto trading platforms to obscure their origin.
- The proceeds were then transferred through multiple bank accounts in a layering process designed to evade detection.
- The laundered funds were eventually used for personal expenses and benefits by Sriki and his associates.
ED’s PMLA investigation concludes that Mohammed Haris Nalapad and Omar Farook Nalapad are close associates of Sriki and the main beneficiaries of the proceeds of crime generated through this alleged crypto-linked crime. The agency says Monday’s searches are aimed at recovering digital records and financial documents that could expose the full scale of the operation and identify other individuals in the chain.
The Sriki backstory: A scam that refuses to close
Srikrishna Ramesh is not a new name in Karnataka’s crypto file. He is the name that refuses to stay out of it.
Sriki, a Bengaluru-based software programmer who studied computer science in Amsterdam before returning to India, was first arrested in 2020 by the Central Crime Branch in a drug case involving DarkNet-sourced narcotics. Between 2020 and 2021, he allegedly used a laptop smuggled into prison, with a constable reportedly bribed to facilitate the delivery, to move Bitcoins worth around ₹10 crore across different wallets, as per Business Standard report.
The broader scam centres on a 2017 hack of Tumakuru-based crypto exchange Unocoin Technologies, in which 60.6 Bitcoins, worth around ₹1.14 crore at the time, were stolen. An FIR was filed by Unocoin co-founder Harish B V in July 2017.
Over the years, the case expanded to include allegations that four former CCB officials had attempted to hack various cryptocurrency wallets, payment gateways, and stock exchange websites with Sriki’s help, and that a police officer had accepted ₹7 lakh in connection with the recovery of the stolen Bitcoins.
The Congress government set up a Special Investigation Team on June 30, 2023, shortly after coming to power, to probe what became popularly known as the Karnataka Bitcoin scam. The SIT arrested Sriki again in May 2024 from a Bengaluru hotel in the 2017 Unocoin case. Monday’s ED action takes that SIT trail and layers a full-blown PMLA investigation on top of it, with a direct line now drawn to the family of a sitting Congress MLA.
N A Haris represents the Shantinagar Assembly seat in Bengaluru. His son Mohammed Haris Nalapad has been politically active and is no stranger to controversy in the state.
Why this one matters
The timing is awkward for the Karnataka Congress, coming at a point where the ED’s crypto file across India is already bulging.
Earlier this month, the Cyber Crime Wing of the West Bengal Police arrested Kolkata industrialist Pawan Kumar Ruia in a ₹315 crore cyber fraud case where ₹170 crore was allegedly converted into cryptocurrency through international exchanges,as The Crypto Times reported. In March, the ED seized ₹2.5 crore in crypto during 16-location raids across West Bengal in a call centre money laundering probe. Mumbai businessman Raj Kundra was summoned in January over his alleged role as a beneficial owner of 285 Bitcoins in the ₹150 crore GainBitcoin scam.
The pattern across these cases is remarkably consistent: stolen or defrauded rupees, mule or associate accounts, conversion into crypto, layered movement, and eventual consumption of the proceeds. The Nalapad brothers, per ED’s current theory, sit at the consumption end of that pipeline, not the origination end. That is why the searches focused on residences and associated premises rather than exchanges or technical infrastructure.
The national backdrop
India has been tightening the screws on crypto-linked financial crime throughout this quarter. In February 2026, the government’s “PRAHAAR” counter-terrorism strategy specifically flagged the growing use of crypto wallets by criminal networks, and a dedicated darknet and cryptocurrency task force has been set up under the Multi-Agency Centre.
From April 1, 2026, new powers under the Income Tax Bill allow authorities to access crypto wallets, emails, and social media during authorized searches, a provision that directly strengthens the kind of probe the ED is running in Bengaluru.
Official data tabled in Parliament puts cybercrime losses in 2025 at ₹22,495 crore, with over 24 lakh complaints filed on the National Cyber Crime Reporting Portal. Of the ₹36,448 crore in cumulative losses since the portal’s inception, only ₹60.52 crore has been returned to victims, a recovery rate below 0.2%.
What the Bengaluru raids add to that picture is a reminder that the trail from a 2017 exchange hack does not necessarily end at a hacker’s laptop. It can run through prison wards, police files, SIT charges, and in ED’s current view, into the homes of people with political surnames.
With around 12 premises under the lens, digital records being pulled, and financial documents being reviewed, the investigation is unlikely to conclude this week. But after nine years of Karnataka’s Bitcoin scam refusing to die, Monday’s action suggests the file is about to get significantly thicker.
Also Read: India Crypto Alert: ₹38L Stolen in Hyderabad Breach, Probe Underway
