ED on how mule accounts and crypto channels fuelled Rs 12,000 crore cyber fraud
The Enforcement Directorate (ED) has uncovered a vast network of mule accounts, shell companies and cryptocurrency channels used to launder proceeds from cyber-enabled financial frauds, attaching assets worth Rs 12,229 crore so far, Joint Director Robin Gupta said.
Addressing the National Conference on Tackling Cyber-Enabled Frauds and Dismantling the Ecosystem organised by the CBI and I4C, Gupta described cyber fraud as “organised crime structured like a corporation,” with separate verticals handling SIM supply, mule accounts, human trafficking and crypto conversions to evade detection.
The ED is probing a transnational cyber investment scam operating from compounds in the Thailand–Laos–Myanmar Golden Triangle region. Built on multiple FIRs across India, the case has led to eight arrests and a prosecution complaint. Victims were lured through fake IPO allotments and stock investment apps promising high returns, a method globally known as “pig-butchering scams.” Investigators also found evidence of Indian youths being trafficked and forced to participate in cyber fraud operations.
Gupta outlined a three-stage laundering process. Fraud proceeds are first deposited into mule and shell company accounts, with Rs 159 crore routed through such channels. The second stage involves layering, where funds are broken into smaller transfers of Rs 1–5 lakh and moved into hundreds of accounts on the same day, including Rs 9 crore across more than 200 mule accounts and Rs 7 crore into 91 accounts. Finally, the money is converted into cryptocurrency via peer-to-peer platforms such as Binance and siphoned overseas, while local operators withdraw cash.
Investigators traced more than 1,000 mule accounts and shell entities and froze Rs 2.81 crore linked to the network. These accounts are often procured through Telegram or from students, low-income individuals and defunct businesses, and are remotely controlled by handlers.
Gupta highlighted major enforcement actions, including seizure of cryptocurrencies worth Rs 2,057 crore in the Bitconnect Ponzi case and attachment of crypto assets worth Rs 2,385 crore abroad in the OctaFX forex fraud, along with 21 overseas properties. The OctaFX probe received the 2025 Best Egmont Case Award.
He flagged operational challenges such as the massive number of bank accounts across institutions, non-uniform data formats, delays in KYC access and high-velocity transactions that outpace traditional investigations. To counter this, the ED is deploying technology-driven tools, including an IIT-Kanpur-developed crypto analysis platform, bulk data standardisation and real-time inter-agency coordination.
Key red flags for mule accounts include dormant accounts suddenly receiving large funds, immediate withdrawals, recent changes in mobile numbers or emails, multiple accounts operated from a single IP address and the use of OTP-forwarding apps.
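The sketch below is an added example, not a tool described by the ED. It applies three of these red flags (a dormant account receiving a large credit, immediate withdrawal, several accounts sharing one IP address) to constructed transaction records. The thresholds, field layout and flag names are assumptions, and the contact-change and OTP-forwarding signals are not modelled.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Illustrative thresholds (assumptions, not figures from the ED).
DORMANT_DAYS = 180                # prior inactivity that counts as dormant
LARGE_CREDIT = 100_000            # Rs 1 lakh
FAST_DEBIT = timedelta(hours=2)   # "immediate" withdrawal window
SHARED_IP_MIN = 3                 # accounts seen on one IP

T = datetime.fromisoformat
# Constructed sample: (account, time, kind, amount in Rs, login IP)
TXNS = [
    ("A1", T("2024-01-05T10:00"), "credit", 2_000, "198.51.100.7"),
    ("B1", T("2025-02-01T10:00"), "credit", 150_000, "192.0.2.44"),
    ("B1", T("2025-02-10T18:00"), "debit", 20_000, "192.0.2.44"),
    ("A2", T("2025-02-25T11:00"), "credit", 5_000, "203.0.113.9"),
    ("A1", T("2025-03-01T09:00"), "credit", 450_000, "203.0.113.9"),
    ("A2", T("2025-03-01T09:05"), "credit", 300_000, "203.0.113.9"),
    ("A3", T("2025-03-01T09:10"), "credit", 200_000, "203.0.113.9"),
    ("A2", T("2025-03-01T09:30"), "debit", 295_000, "203.0.113.9"),
    ("A1", T("2025-03-01T09:40"), "debit", 445_000, "203.0.113.9"),
    ("B1", T("2025-03-01T12:00"), "credit", 150_000, "192.0.2.44"),
    ("B1", T("2025-03-06T12:00"), "debit", 30_000, "192.0.2.44"),
]

def flag_accounts(txns):
    """Return {account: set of red-flag names} for accounts with any flag."""
    flags = defaultdict(set)
    last_seen = {}                   # account -> time of previous activity
    last_large = {}                  # account -> (time, amount) of last large credit
    ip_accounts = defaultdict(set)   # IP -> accounts operated from it
    for acct, when, kind, amount, ip in sorted(txns, key=lambda t: t[1]):
        ip_accounts[ip].add(acct)
        if kind == "credit" and amount >= LARGE_CREDIT:
            prev = last_seen.get(acct)   # a brand-new account is not "dormant"
            if prev and when - prev >= timedelta(days=DORMANT_DAYS):
                flags[acct].add("dormant_large_credit")
            last_large[acct] = (when, amount)
        elif kind == "debit" and acct in last_large:
            c_time, c_amt = last_large[acct]
            # Most of the credit leaving within the window counts as immediate.
            if when - c_time <= FAST_DEBIT and amount >= 0.8 * c_amt:
                flags[acct].add("immediate_withdrawal")
        last_seen[acct] = when
    for accts in ip_accounts.values():
        if len(accts) >= SHARED_IP_MIN:
            for a in accts:
                flags[a].add("shared_ip")
    return dict(flags)

if __name__ == "__main__":
    for acct, hits in sorted(flag_accounts(TXNS).items()):
        print(acct, sorted(hits))
```

In the sample, account B1 receives credits of similar size but shows none of the patterns, which is why the flags are combined per account rather than triggered by amount alone.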
Calling for a coordinated crackdown, Gupta urged agencies to target the entire ecosystem (mule account providers, SIM suppliers, traffickers, shell company operators and crypto facilitators) and to treat cybercrime investigations like organised crime cases.
Home Minister Amit Shah, addressing the conference, said multiple agencies are working in coordination to prevent cybercrime, including I4C, state police forces, the CBI, NIA, ED, Department of Telecommunications, RBI, MeitY, the banking sector and the judiciary. He stressed that each institution has a critical role and closer coordination is essential to curb the growing threat of cyber-enabled financial crimes.