A landmark study by the Centre for Cybercrime Investigation Training and Research of the CID police in Karnataka has sounded the alarm on India’s cybercrime crisis, calling for urgent regulation of cryptocurrency to kerb spiralling losses. According to the study, unveiled at a senior police conference in Bengaluru on Friday, Karnataka recorded a staggering ₹2,915 crore in losses from 6.11 lakh cybercrimes in 2024 alone, nearly four times the ₹660 crore reported in 2023.
Data sourced from the National Cyber Crime Reporting Portal (NCRP) shows ₹1,860 crore lost through private banks and ₹948 crore through public banks in the state last year. “The lack of cryptocurrency regulation is a critical gap facilitating money laundering and the rise of cybercrime,” the study warns, highlighting how scammers exploit unregulated crypto markets to funnel stolen funds beyond the reach of authorities.
Money Mules and Crypto Conversions at the Heart of Cybercrime
The study delves into the phenomenon of money mules, individuals who knowingly or unwittingly allow their bank accounts to be used for laundering money stolen through scams such as investment fraud and digital arrest schemes. It found that cybercriminals often convert illicit proceeds into cryptocurrency either directly or via peer-to-peer (P2P) transactions, complicating recovery efforts.
“The unregulated cryptocurrency market is exacerbating the issue of money muling,” the report, co-authored with the Data Security Council of India, states. Analysts discovered ₹5.52 crore in crypto was transferred between March and May 2024 through Bitget, a multi-exchange platform, showing a clear trend of stolen money flowing into crypto ecosystems.
Gaming Platforms, Global Wallets, and Regulatory Blind Spots
One of the report’s key findings is the role of gaming platforms and casinos that accept cryptocurrency deposits, creating ideal avenues for criminals to launder funds. Investigators noted that many exchanges do not enforce know-your-customer (KYC) requirements or operate from jurisdictions with lax regulations, frustrating efforts to trace stolen money.
The study described a common laundering tactic where mule accounts funnel stolen funds into international payment services like PayPal before converting the money into crypto via exchanges such as Binance. “Tracking this conversion process is a significant challenge for law enforcement agencies,” the report emphasises, especially given how cash withdrawals abroad in cities like Dubai, Hong Kong, and Bangkok and remote Indian ATMs compound the problem.
Banks Under Fire for Failing to Flag Suspicious Transactions
The report highlights systemic failures in the banking sector’s ability to detect and prevent money muling. Despite Reserve Bank of India (RBI) guidelines requiring banks to generate Suspicious Transaction Reports (STRs) for the Financial Intelligence Unit India (FIU-IND), investigations revealed many banks fail to flag suspicious activities. “This failure is often attributed to negligence, and in some cases, insider collusion,” the study says.
The ease with which fraudsters open online bank accounts using fake details was also flagged. For example, investigators in Bengaluru discovered 125 mule accounts opened in a single private bank using basic KYC procedures without physical verification. The report notes cybercriminals exploit online account openings by using non-local addresses, such as someone in Rajasthan opening an account with a Bengaluru address, to mask their activities.
Regulatory and Legal Gaps Leave India Vulnerable
The study underscores the absence of punitive measures for money mules in current Indian laws, stating that neither the Bharatiya Nyaya Sanhita (BNS), 2023 nor the Information Technology Act, 2000, specifically penalises individuals operating mule accounts. “This legal vacuum makes it harder to prosecute those knowingly aiding cybercrime,” the report warns.
Officials also cited fraudsters’ ability to easily acquire SIM cards using forged documents, allowing them to link stolen bank accounts to their own mobile numbers, thus gaining full control of victims’ internet banking. Despite RBI’s guidelines for due diligence on phone number changes, enforcement remains inconsistent across banks.
Crypto Regulation a Key Step Forward
The study concludes with a call for urgent regulation of India’s cryptocurrency market, including mandatory KYC for crypto exchanges and penalties for platforms that fail to comply. It also suggests banning non-compliant exchanges and prohibiting Indian residents from transacting with unregistered platforms.
Moreover, gaming and casino platforms accepting crypto should be subject to strict licencing and oversight, while banks must step up monitoring to identify and block mule accounts. As a Karnataka cybercrime officer bluntly put it, “The entire gamut of cybercrime is happening within the white economy. Mechanisms meant for financial inclusion are being misused for crime, and regulation is our only way out.”
With cybercriminals exploiting gaps in India’s crypto and banking systems, the CID’s report offers a sobering reminder: without decisive action, the country’s cybercrime epidemic will only worsen.
