In some indication of the kind of access hacker Srikrishna Ramesh alias Sriki had to cryptocurrencies, forensic analysis of one of his devices revealed the presence of over 76 lakh private keys and addresses of various wallets, documents show.
Private keys are like passwords for a cryptocurrency account. Wallet addresses are required to send or receive digital assets.
The analysis also led to suspicion that the hacker was able to manipulate 'Bitcoin core', a software used to store, send and receive Bitcoins.
These form the findings of an examination of Sriki’s cloud account in which analysts found different files, including 27 e-wallets with a large number of private keys and addresses.
It also showed that Sriki ran various instances — similar to accounts on Amazon Web Services (AWS) — of Ubuntu-based systems on the AWS platform. Analysts found five such instances, and it was these that held the files described above, including the 27 e-wallets.
"The instances (of Sriki) contained public addresses, private keys and transaction IDs related to various wallets and Bitcoin transactions," the analysis found.
E-wallets
The analysis carried out by Group Cyber ID Technology Pvt Ltd revealed five instance IPs — or accounts on AWS platforms. "...multiple text format files and wallet.dat files were found containing combinations of public addresses, newly generated/existing private keys and transaction IDs".
One instance IP had 53.37 lakh private keys/addresses while the others had 10.17 lakh, 12.11 lakh, 27,218 and 19,996. In total there were 76,13,984 private keys in 27 Bitcoin core wallets. His wallet.dat files had 1,15,018 addresses, the analysis noted.
Analysts also suspect that Sriki likely manipulated the Bitcoin core software to hoodwink investigating officials.
Commenting on the process initiated by the police to access 31 Bitcoins, which police claimed to have recovered from Sriki, analysts found that "successful transaction to police wallet showed in the Bitcoin core application was not reflected on public domains, which it should".
This led them to further investigate the wallet and application code, after which they suspected that "the wallet code being an open source, it was manipulated to return favourable results (of cryptocurrency transfers) every time any transaction was done through it," said the report.
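The check the analysts describe, comparing what the wallet application reports with what an independent source of chain data reports, written out as an added Python example that is not code from the article, the investigators or Bitcoin Core. It assumes wallet records shaped like the output of Bitcoin Core's `listtransactions` RPC (field names `txid`, `category`, `address`, `amount`, `confirmations`) and a `chain_view` dictionary keyed by txid that the caller has built from an independent node or block explorer; the txids, addresses and amounts in the sample are constructed.

```python
from dataclasses import dataclass
from decimal import Decimal

# Added example: reconcile a wallet application's own transaction list against
# an independent view of the chain. Not code from the article or from Bitcoin Core.
# Assumption: wallet records use the field names of Bitcoin Core's
# `listtransactions` RPC (txid, category, address, amount, confirmations);
# chain_view is a dict keyed by txid, built from an independent node or explorer.

SATOSHI = Decimal("0.00000001")  # smallest unit; amounts differing by less are equal


@dataclass
class Discrepancy:
    txid: str
    reason: str


def reconcile_sends(wallet_records, chain_view, min_confirmations=1):
    """Return one Discrepancy per outgoing wallet record that the independent
    chain source fails to corroborate. An empty list means every send the
    wallet reports exists on chain, is confirmed, and matches address and amount.
    A wallet whose code has been altered to report success can only be caught
    this way: its own UI is exactly the thing under suspicion."""
    findings = []
    for rec in wallet_records:
        if rec.get("category") != "send":
            continue  # only outgoing claims (transfers to someone else) are disputed here
        txid = rec["txid"]
        # Bitcoin Core reports sends as negative amounts; compare magnitudes
        claimed_amount = abs(Decimal(str(rec["amount"])))
        chain_tx = chain_view.get(txid)
        if chain_tx is None:
            findings.append(Discrepancy(txid, "not found on chain"))
            continue
        if chain_tx["confirmations"] < min_confirmations:
            findings.append(Discrepancy(
                txid, f"only {chain_tx['confirmations']} confirmations on chain"))
        if chain_tx["address"] != rec["address"]:
            findings.append(Discrepancy(txid, "destination address differs on chain"))
        chain_amount = Decimal(str(chain_tx["amount"]))
        if abs(chain_amount - claimed_amount) >= SATOSHI:
            findings.append(Discrepancy(
                txid, f"amount differs: wallet {claimed_amount}, chain {chain_amount}"))
    return findings


# Constructed sample data (placeholder txids and addresses, not real ones).
WALLET_RECORDS = [
    # the wallet claims a 31 BTC transfer to the recipient wallet, fully confirmed
    {"txid": "constructed-txid-0001", "category": "send",
     "address": "constructed-recipient-wallet-address", "amount": -31.0, "confirmations": 6},
    {"txid": "constructed-txid-0002", "category": "send",
     "address": "constructed-address-b", "amount": -0.5, "confirmations": 3},
    {"txid": "constructed-txid-0003", "category": "receive",
     "address": "constructed-own-address", "amount": 2.0, "confirmations": 10},
]

CHAIN_VIEW = {
    # the independent source knows the second send and the receive, but not txid-0001
    "constructed-txid-0002": {"address": "constructed-address-b", "amount": 0.5, "confirmations": 3},
    "constructed-txid-0003": {"address": "constructed-own-address", "amount": 2.0, "confirmations": 10},
}


def sample_findings():
    """Run the reconciliation over the constructed sample."""
    return reconcile_sends(WALLET_RECORDS, CHAIN_VIEW)


if __name__ == "__main__":
    for d in sample_findings():
        print(f"{d.txid}: {d.reason}")
```

The point of keying on the chain view rather than on the wallet's own "confirmations" field is that a modified wallet controls every value it displays; only data fetched from a source the suspect never touched (a node or explorer run by the investigators) can confirm that a claimed transfer really happened.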