The investigation into an alleged Jaish-e-Mohammed (JeM) sleeper cell operative arrested in Jaipur has expanded significantly, with Rajasthan ATS officials now probing suspected cryptocurrency transactions, honey-trap modules targeting Indian Army personnel, and a broader recruitment network operating across multiple Indian states.
The developments emerged during the custodial interrogation of Babita Dhakad, a 37-year-old resident of Sawai Madhopur district who had been living in Jaipur’s Vatika area with her retired father.
Dhakad, who reportedly adopted the alias “Khadija,” was arrested by the ATS on June 22, 2026, following intelligence inputs from Military Intelligence (MI). She has been booked under the Unlawful Activities (Prevention) Act (UAPA) and is currently under a seven-day custodial remand.
ATS Superintendent of Police Manish Tripathi confirmed the arrest and stated that agencies suspect the woman was being groomed for a terrorist organisation after being influenced by radical ideology.
Crypto Transactions and Encrypted Communication Under Scanner
Among the more significant leads being pursued by investigators is a suspected financial trail involving cryptocurrency. Sources associated with the investigation said that Dhakad remained in touch with Pakistan-based operatives through WhatsApp and other encrypted communication platforms.
Agencies are now examining whether any financial transactions were initiated, facilitated, or received through cryptocurrency channels.
Investigators have not yet disclosed specific details regarding the volume, type, or routing of the alleged crypto transactions. The matter remains under active investigation, with forensic specialists working to recover deleted digital records from multiple mobile phones and electronic devices seized from the accused.
The crypto angle in this case is particularly notable because it fits into a wider pattern of terror financing through digital assets that Indian law enforcement agencies have been tracking with growing urgency.
The Ministry of Home Affairs’ PRAHAAR counter-terrorism strategy, released in February 2026, specifically warned that terrorist groups are increasingly using crypto wallets to move money anonymously and raised new concerns about digital finance being exploited for illegal activities.
The strategy cited a 2023 National Investigation Agency (NIA) investigation where funds linked to an ISIS-inspired module were traced through a WazirX account before being routed to Binance wallets connected to Pakistani contacts.
A Growing Pattern: Crypto-Terror Financing Cases Across India
The Rajasthan ATS probe is the latest in a rapidly expanding series of investigations across the country linking cryptocurrency transactions to terror financing operations.
In March 2026, the Uttar Pradesh ATS arrested a 19-year-old dental student named Haarish Ali from Moradabad for allegedly operating an ISIS-linked digital module. Investigators alleged the accused was engaged in cryptocurrency dealings with contacts in Pakistan, Afghanistan, and Turkey using encrypted apps such as Session and Discord.
Blockchain analytics firm TRM Labs has tracked hundreds of such transactions linked to the Islamic State Khorasan Province (ISKP), ranging from $100 to $15,000 per transfer, predominantly using Tether (USDT) on the Tron network.
In May 2026, the Gujarat Police Cyber Centre of Excellence (CCoE) dismantled a crypto network allegedly used for drug trafficking, money laundering, and terror financing. Gujarat Deputy Chief Minister Harsh Sanghavi confirmed the arrests and described the operation as a message against cybercrime and anti-national networks. The investigation relied on advanced blockchain analysis and technical intelligence.
By June 2026, the Gujarat probe had expanded further, with two more suspects arrested in connection with the alleged Rs 226 crore crypto-terror financing network. Investigators claimed the syndicate relied heavily on the privacy-focused cryptocurrency Monero to obscure fund movements and traced Monero transactions worth approximately Rs 2 crore.
The accused allegedly used complex layering techniques, rotating funds through multiple wallets before converting assets into USDT stablecoins and then into fiat currency. One wallet linked to the accused had reportedly been previously frozen by Israel’s National Bureau for Counter Terror Financing in 2025, with alleged transaction links to a Dubai-based entity associated with Hamas.
Meanwhile, in the United States, the FBI arrested three Americans in June 2026 for allegedly conspiring to provide material support to ISIS, including through financial contributions. Investigators alleged the group used Discord chats, voice calls, and encrypted messaging platforms to coordinate with the terror outfit.
The JeM Women’s Wing and Online Radicalisation
The Dhakad case has also drawn renewed attention to JeM’s evolving recruitment strategy targeting women. According to security agencies, the investigation uncovered links to individuals associated with Yusuf Azhar, also known as Gori, a relative of JeM founder Masood Azhar, who was accused of involvement in the 1999 hijacking of Indian Airlines Flight IC-814. Yusuf Azhar was killed during India’s Operation Sindoor airstrikes in May 2025.
Officials allege that JeM has been operating a women’s wing known as Jamaat-ul-Muminat (JuM), announced by Maulana Masood Azhar in October 2025 from the group’s headquarters in Bahawalpur, Pakistan. The wing, led by Sadiya Azhar, Masood Azhar’s sister, is aimed at identifying, influencing, and recruiting women and young girls as sleeper cell operatives.
Investigators claim Dhakad had become an important link in this network and was allegedly preparing to flee to Pakistan using a route reportedly arranged by her handlers through Nepal, Saudi Arabia, or the United Arab Emirates before security agencies intervened.
Investigators are scrutinising her internet activity after reportedly finding searches related to suicide attacks and extremist content on her devices. Mobile phones and other electronic devices seized from her have been sent for forensic analysis.
Honey-Trap Module Targeting Indian Army Personnel
One of the key operational leads being pursued relates to a suspected honey-trap module. Investigators suspect Dhakad was being trained to establish contact with Indian Army personnel through social media and attempt to draw them into compromising situations. Investigators are reviewing her online interactions and communication records to determine whether any such attempts moved beyond initial contact.
Officials have not yet disclosed evidence suggesting the alleged plan was executed, and this aspect of the investigation remains in its preliminary stages.
Digital Footprint, Deleted Data, and Multi-State Network
The investigation has revealed that Dhakad used multiple mobile numbers and SIM cards and frequently deleted chats, photographs, videos, and other digital records. ATS officials stated that forensic specialists are working to recover the erased data to build a fuller picture of her contacts and activities.
An initial scan of her mobile phone found a Facebook account containing links to foreign profiles and content that investigators described as objectionable, including profiles featuring JeM-related flags and images.
Agencies have also found indications that she was in touch with individuals across multiple states and may have been attempting to influence and recruit young women into radical networks through social media platforms.
The ATS is currently mapping her associates, communication channels, financial links, and overall digital footprint. Officials believe further questioning could provide additional information about the alleged network and its operations.
India’s Expanding Enforcement Focus on Crypto-Linked Terror Financing
India’s Enforcement Directorate (ED) has identified cryptocurrency frauds and terror financing as key priority areas going forward. Speaking at the 70th ED Day Celebration in May 2026, ED Director Rahul Navin noted that conventional fraud cases involving banks and real estate have declined, and the agency is redirecting its enforcement efforts toward more complex, technology-driven offences.
The ED filed 812 charge sheets during the 2025-26 financial year, with a reported conviction rate of 94%.
A dedicated darknet and cryptocurrency task force has been set up under the Multi-Agency Centre following the PRAHAAR strategy. The Financial Intelligence Unit (FIU-IND) has also been directing exchanges to tighten monitoring of transactions originating from sensitive border regions, with a particular focus on private wallets and peer-to-peer transfers that bypass centralised oversight.
Over 24 lakh cybercrime complaints were filed on the National Cyber Crime Reporting Portal in 2025, with reported fraud losses totalling Rs 22,495 crore. The Union Budget 2025-2026 allocated Rs 782 crore for cybersecurity projects, and from April 1, 2026, new powers under the Income Tax Bill allow authorities to access crypto wallets, emails, and social media during authorised searches.
Officials cautioned that the findings in the Dhakad case are based on leads generated during the investigation and interrogation. They said the claims are still being examined and will need to be corroborated through forensic evidence and the legal process.
Also Read: Indian Police Arrests Engineer in ₹19 Lakh WinProFX Scam Spanning 100 Countries
