BitcoinPC Annexure1 VStatement

Uploaded by

National Herald
My voluntary statement

My name is Sri Krishna Ramesh, commonly known as ‘Sriki’, aliased on the internet as AP. 1W8E'. Born on 30th March 1995 to Mr. Gopal Ramesh and Kausalya Ramesh. I did my pre-schooling in Kamala garden. I did my schooling till 10th standard in Kumarans, CBSE.

During my schooling, I picked up several technical skills which turned out to be useful for several cybercrime related activities. At 4th grade, I learnt the basics of web exploitation, Java, reverse engineering and wrote my first bot for a game called RuneScape, by a company in the UK known as JaGeX Ltd. This was my first attempt at reverse engineering obfuscated games and binary exploitation.

From a to 10th grade, I joined an IRC channel of a group of Blackhat hackers who eventually taught me the art of hacking and exploitation. Picking up skills slowly as a script kiddie, learning the basics of databases, SQL injections, Local File Inclusions, Remote file inclusions, Remote code executions, Shells, Web application exploitation, Source code analysis.

During my time at h4ckyOu, which was a community of 50,000 members, the group split into two due to a communal feud which led to the creation of two separate forums: h4ckyOu and h4ck-yOu.org. Around 8th or 9th grade, I was promoted to a moderator of the forum and an administrator of the IRC network by my mentor, who is an anonymous entity named ‘Rose’/Big60ss.

While running the IRC network, I made several internet friends who changed my life by mentoring me in various other aspects of crime, specifically financial, yet not unethical. Me and my friend ‘Shane Duffy’ (from Sydney, Australia) alias ‘ShaneSigex3/‘Sigew’ used to dump databases and wrote a script for checking PayPal accounts, he found username: password. With this PayPal account checker, we bought RuneScape accounts on an illegal gaming forum called scythe (or sythe) where people who used to play classic RuneScape (now known as OSRS or OldSchool
RuneScape) used to trade in-game gold or coins for real life money. This was known as RWT (Real world trading). 1 Million Gold on RuneScape would sell for around $3-$5 USD depending on market fluctuations.

Together with my friend Shane, by the time I completed 10th grade, we made os i j thousand dollars from this game by staking, RWT, writing bots (Reflection based ja, bea and also color oriented AI bots which automated tasks in the game and sold the cog S we generated by botting and blew it up on our luxurious lifestyle.

I did my PU in Jain college, VV Puram where I chose PCMC (Physics, Chemistry, Mathematics and Computer Science).1 and picked up the habit of smoking “areas 8 Various other narcotic substances such as Maya, drinking alcohol, and consur Cocaine, MDMA, LSD, DMT, 5-MeO-DMT, Salvia Divinorum, Kanna, Ritalin, Adder Ayahuasca.

Over the course of 2 years, I learnt by the end of my 1st PU or early 2nd PU days about the existence of a cryptocurrency called Bitcoin. When I learnt about bitcoin, colloquially known as ‘BTC’ in the cryptocurrency space, the price was about $200.

Due to the pseudo-anonymous nature of bitcoin, a person by the name of ‘Ross Ulbricht’ made the first darknet market from which I initially imported drugs to India for personal consumption. This market was called Silk Road 1.0. I ordered several packages in 2 years which all successfully cleared customs.

Addicted to the lifestyle of drugs and crime, I changed into a habitual user of narcotic substances and picked up the habit of dropping acid at rave parties (also known as psychedelic parties).

I ran away to the Himalayas at the age of 17 with my friend Rithvik and ended up in Badrinath in the Himalayas. A case was registered at Siddapura police station (Missing Persons) and Tilaknagar police station (by Rithvik’s mother). Eventually, due to a technical folly, the Tilaknagar Police found us in Mathura, at ISKCON and brought us back to Bangalore.

I joined my B.Sc.
in Computer Science jn +54 to a web of bitcoin traders in AMS, and my friends Tim Kamer and Edu Driessen started a bitcoin exchange called satos.nl which was the only legally authorized exchange to deal in cash following KYC norms by ABN Amro bank’s AML head. During my tenure in TU Eindhoven, I came in contact with a driver by the name of Walid Attadlout who used to drive me around the country to deal in cash exchanges. Our daily turnover was around 50k-100k EUR on which we made around a 3-5% margin on the deals.

One day, I had accidentally dropped my brother's house keys in my driver's car and he eventually used the same keys to enter my house illegally and steal my passport, my brother's passport, 2 laptops, cash in EUR, a hard drive and 2 cameras. Walid was arrested and produced before the court in NL but I did not receive my laptop back which had around $3M USD in BTC.

Being broke, with no money, I started off from scratch by further expanding my network of friends to Italy, Switzerland, Sweden, France, and Germany. This network of bitcoin traders quickly allowed me to recuperate my losses by marginalized trading after a hack of an exchange (Bitfinex).

In 2015 I returned to India and became friends with Nalpad and company and started chilling with them, this was done through my friend Marsh DK who is a classmate of Omar Nalpad. We chilled for around 3 years on a daily basis and in 2018 a case happened in UB city Farzi Café in which they were arrested and sent to jail for 4 months and I was absconding until I got the bail. We eventually separated since I became close with Sunish Hegde and gang introduced by Prasiddh Shetty in 2018 due to which my reputation with Nalpad faded.

I have downloaded the bitcoin-core software which is an official tool to send or receive bitcoins, I used this tool since a long time and have done most of the transactions using the same.
PupilPod - I hacked my school’s online attendance and marks portal by exploiting an upload bug in the photo feature of the website and gave my friends attendance ang, with no monetary benefit.

Booked tickets for IPL, parties, movies, etc. using vouchers... no monetary benefit.

Made 500 subjects pass at the rate of Rs. 30,000 INR each, profited around 1.5cr.

I hacked into Netaindia datacenter, in December 2016 using Remote code execution vulnerability, where all the sites and domains were hosted, from which I could hack into NOTY, Vijaymalya, Rahul Gandhi, Barkha Dutta websites, twitter account details and DNS addresses. I changed the mail server records of these servers and reset the passwords of these twitter accounts and got access to these high-profile accounts. I have a log of the chat pertaining to the above hack in my skype account. Cases have been registered with Delhi's EOW against a pseudonym ‘Legior

I have a log in my skype chats talking to friends about moving around €80000 from cold wallets in India to Europe.

I have a log of chats in Facebook with a friend talking about narcotic pills, MDMA. I also have sent courier of weed to my friend and these chats can be found in my skype account.

Bitclub Network - In 2017 December I hacked into Bitclub networks exchange servers and got access to main servers and withdrew around 100BTC and also dumped the source code and the database containing the user accounts data like username, passwords, btc address etc.

PPPoker - I hacked this Chinese website in 2017 and 2018 where I hacked into pppoker club network and got access to database via admin panel, I dumped the admin database and also the mail server database which can be found on my laptop. I did this at the behest of Sunish, where I wrote a program which allowed him to see the cards of other players. Assumed profit from this job for him was around 2cr.
He must have spent 60L on my hotel bills in Goa as I was staying in the Taj Presidential suite in Aguada for amos sf Xf this job, he earned my loyalty and respect since he seemed like a guy that could be trusted, little did I know that there lived a demon inside him waiting to extort the living hell out of me.

CCI Panama - In August 2017 I hacked into CCI Panama web panel, which is an offshore hosting website, I got access to Remote desktop connection details, admin panel login details, CCI client details, CCI Panama email server setup configuration files, I also got access to firewall settings which allowed to access the network etc. which can be found on my laptop.

In May/June 2019, I hacked into eProcurement site of Govt of Karnataka where I exploited a remote code execution vulnerability and got access to the bidder information and downloaded all the files relating the bids happening at that moment, the hack allowed me to download excel files containing the transaction details, bid reference, payment amount, IFSC codes, account numbers of bidder etc.

eProcurement - On August 2018 I tried to hack into eProcurement site using a tool called '2p” which is a database attacking tool which is used for SQL injection attacks. But the exploit did not work at the time and hack was unsuccessful.

Eproc karnatake.gov.in - We hacked this site in 2019 and made 3 separate transfers. 2 of the accounts were given to me by Mr. Hemanth Mudappa for a total of 18 crores in one account and 28 crores in the other. Hemanth claimed he collected 2 crores cash from an entity called Ayub whom I do not know. However, the CID claims that 11 crores were collected by Mr. Hemanth Mudappa. I initiated the second transfer of 28 crores while sitting in the Himalayas - Ananda spa and resort at the instruction of Mr. Sunish Hegde. This transaction was presumably refunded because the government apparently got to know about the dubious nature of the transaction. I
did not profit from this; however, I did enjoy from the proceeds of the crime by living in 5-star hotels and enjoying a luxurious lifestyle from the proceeds of the same.

I hacked Poker Baazi, with my own skills and transferred 70L from the bank account (RAL bank) and a case was registered at the Cybercrime PS of Bangalore. The money was returned, and the case was withdrawn. A complaint was filed at the Cybercrime PS by Mr. Puneet Singh who is the owner of aay, Networks Ltd.

In 2018 November I have downloaded the acknowledgement for the BTC transaction, which came in from Helix mixer amounting around 510 BTC which basically was from a hack of Bitfinex Exchange from the hacking group I was a part of and later those funds were transferred to Netherlands to my friend’s account.

PokerDangal and PokerBaazi use similar software, developed by DigiEnt technologies trp, and hence it was easy to exploit the same class of bugs and see cards and withdraw money by using the unfair advantage of seeing other players' hands.

In April 2020 I again hacked into PokerBaazi development server from which I installed a backdoor “jar” file which gave me access to the mail servers, game servers, database, and AWS infrastructure. From which I dumped fiscal year statements from the mail and GIT keys.

Hacked Bitfinex or bitcentral around 2015, dumped database, made around 1.5CR in BTC and spent it on hotel bills and helping friends.

Hacked cmp.onlinesbi.com using a bug in apache struts (which was already a 1-day exploit) and used it to transfer money from the cash management portal, tested it with Land eventually had to refund it before I could do the bigger transaction. The verification system of the cash management treasury portal involved a maker and a checker account, by reverse engineering the protocol I initiated this transfer. A case was registered, and the bug was patched.

Exploited an SQL injection bug on a sub domain, gained root access to the DC, no monetary gain... just for fun.
Dumped the database of players of Jungle Rummy, tried to withdraw money, and failed, no monetary gain as the withdrawal was blocked in the initial test stages.

Hacked Rummy Circle website and dumped the database with the intent of making my own website and luring the clients of this website. Still in progress of making my rummy site, code is ready.

Back in September 2020 I made a search for 237000 USD to INR conversion rate. The same can be found on my laptop.

I have made a search on Chipmiterelectrum plugin back in September 2020, this is the tool used to obfuscate the BTC transactions.

I browsed bitkeys.work website in September 2020, which I used to get the latest bitcoin addresses with high balances. The website is a portal where it lists the BTC addresses with high balances which are active.

In September 2020 I have visited blockchain.com website to check the balance and ledger transactions on multiple addresses, these addresses might have been from bitfyer and FCCE hack.

On September 2020 I visited manulinux.org website which is a code repository for exploit codes based on the hacker's needs. I browsed around various SQL injection, file system exploit codes and tutorials on how to hack using these vulnerabilities.

In August 2020 I started to enumerate various websites for finding vulnerabilities in them. I used cenysy.io website to find the open ports on any website or server and check if they can be hacked by using any exploit codes. I also visited a github repo called “Seclist” which is an open source code repo which contains wordlists for commonly used passwords, usernames, and other types of wordlist.

In August 2020 I hacked into Spartan poker, a poker gaming site from Bangalore, I exploited a vulnerability from OpenCMS, a CMS module that the site was running on.
I exploited the vulnerability which gives me a reverse backdoor connection to the site which basically is like a command center access where I can control the whole site from my laptop, the exploit code logs are found on my laptop.

On August 2020 I hacked into pokersaint website using an exploit called remote code execution, using which I got access to the server and started a reverse shell on the server which basically acts as a remote-controlled server. From which I was able to see the whole source code and database.

In August 2020 I tried to hack into a betting site called allnewbet.com. I enumerated some URLs on the website but was not able to successfully hack into the servers. The URL history can be found in my laptop.

A history can be found on my laptop searching for wallet-key-tool jar, a tool. I use wallet-key-tool jar tool to derive private keys from the hacked wallets which can be used later to send transactions from these hacked wallets. This tool can also be used to convert the given wallet keys into different formats of BTC keys.

A history for the search of Pywallet can be found on my laptop browser history. Pywallet is used for dumping a private key from the wallet.dat file which I stole from the hack.

A history of eryptofees.net can be found on my browser which I used to check the fee rate for BTC transfers, depending on that I used to set fees for all the transactions I made.

Crimes committed on abroad companies

RuneScape.com - This was a game I hacked as an early teenager and sold gold on the game for money on PayPal and LibertyReserve, which is a now defunct website as the owner of the website (LR) was arrested for money laundering, and faulty KYC policies. Made approx. $1M USD total from this game and spent it on hotels and friends and misc expenses.
Tipit was a forum where RuneScape members interacted with each other. It had around 100k registered users - I hacked this database by exploiting a 0day in phpMyAdmin (database management tool) and rooted it and dumped the list of emails and passwords. Using this list, I tried them against various users of RuneScape and since many people used the same password on the game as well as the forum, I profited off it. Approx profit $1.2m USD - blown on friends, hotels, luxury expenses.

Sythe was a forum where game members used to interact with each other and sell the accounts and goods on online games illegally. I exploited a bug in vBulletin ‘ax which led to an RCE, I dumped this database of the illegal trading website and hence ended up with another set of emails and passwords which I tried against RuneScape and found a dormant account with gold and valuable items in the game which I then sold for profit. Approx. profit: $400k USD

When our forum community split into two due to a feud between the running administrators, as instructed by my mentor Rose I hacked the website ‘niickyOu.org’ to redirect the loyal members back to h4ckyOu.org, non-profit job, for rep P This was a hacker forum which had a feud with our forum, we hacked it just to prove superiority of our skills: P

Bitfinex was my first big bitcoin exchange hack, the exchange was hacked twice and I was the first person to do so, the second instance was a simple spear phishing attack which led to 2 Israeli hackers working for the army getting access to the computers of one of the employees, which gave them access to the AWS cloud account. In my manner of hacking, I exploited a bug in the datacenter which gave me KVM (Kernel based virtual machine) access to the server, I rebooted the server into GRUB mode, reset the root password, logged in, and reset the withdrawal server passwords and routed the money via bitcoin-cli to my own bitcoin address. Approx profit: 2000BTC, didn't save anything...
blew it up on the luxurious lifestyle which I continued by spending around 2-3L a day on alcohol and hotel bills at an average. The price of bitcoin during the time of this hack was around $100-$200 (I do not recall the profit in USD), which was split 2 way with my friend Andy from the UK.

GGPoker - I attempted to hack this website at the behest of Mr. Sunish Hegde, who threatened me with dire consequences if I failed to finish the job. Being the top poker website in the world at that moment, surpassing even PokerStars, the task was considerably difficult. However, over the course of a few months I dumped the database by exploiting 2 day bug in TeamCity and dumping the source code and finding the keys for serialization of the GGCore Backend. At the time, the job was nearly completed, Sunish went to jail in an NOPS case which was the result of his own misdeeds and bad karma over the course of time. I had promised my friend (Mr. Sunish) SATE TAPmaCk relating to GGpoker, when I got #66 coins, but it has not reached him, he has received only 2 BTC which are stored in Sunish's phone, which was kept by me. I have misplaced that phone.

Bitcointalk.org DB - I hacked this by exploiting a bug in Kayako Support suite (deserialization exploit in NForce.eu which was the datacenter where the bitcointalk servers were hosted). This was the original forum where Satoshi Nakamoto himself discussed with community members till his abrupt disappearance from the community in 2013 and during this period I also hacked bitstamp and taken BTC.
BTC-e.com - This was a major financial profit for me, the owner of this now defunct exchange is sitting in jail in France pending extradition to the US. I hacked this by using a chain of 2 exploits, the first being the previous kayako bug I had discovered which gave me access to the support server - from the support server, I found out that the main server was hosted at Hetzner, finding a database injection bug in Hetzner I reset the server management password for the main btc-e server and dumped the wallet and made around 3000BTC which was high priced at the time. Approx. profit: $3-3.5m

Bit-Central: Approx. profit, $100k USD. I hacked this website by exploiting a bug in the PRNG feature of OVH.eu which is a datacenter based in Europe. Once I mastered the method of predicting the password reset token, I targeted certain BTC based websites, the first one being bitcentral. I logged in to the OVH account, rebooted the server into the recovery console, reset the root password and transferred the BTC to my wallet.

Slushpool: This was a big bitcoin mining pool which was hacked by me, the profit being around $50k, using the same bug at the OVH datacenter and abusing the password reset feature - resetting the root password via logging into the server via GRUB mode.

The rest of the crimes were all committed in a similar manner by exploiting various unknown vulnerabilities which were discovered, I do not feel the need to mention technical aspects as the vulnerabilities described are similar in nature.

I was also accused in crime no. 22/18 of Cubbon Park Police Station related to a fight at Farzi café, UB city. Regarding this case I have already given my statement to CCB in 204

Transactions with Robin and Bitcoin - Bank statements and attached by Robin in his statement.
Transactions with Sunish - These transactions which happened are mentioned above as in the crimes committed, and the rest are given in Robin’s statement along with the necessary bank references to verify their authenticity.

Mixexchange Ukrainian Exchange - Was hacked by me.

Coins! - A Chinese website used to trade BTC.

MPEX - Is a crypto exchange, is an illegal bitcoin exchange hacked by me & also a crypto exchange trading platform.

Paytiz - Is a Bangladeshi exchange hacked by me in 2019.

Havelock Investment: Is a stock trading platform for bitcoin users to trade.

BTC 2pm.me - Is a website where people can exchange BTC to perfect money & PMCBTC is the same in reverse order. Both were hosted on the same Chinese backend which were hacked by me.

I do not have any bank accounts of my own, all my transactions related to these were done via my friend Robin, I would give him all the hacked bitcoins and he would then sell it and give me the money. I have given him more than INR 8.00 Crores worth of bitcoins till date. I also have various private keys in my cloud account and if the access to the same is given I would be able to give back all the stolen bitcoins which I stole from various places using my hacking skills and using command line scripts written by me.

Before me

Typed by me and found it correct,

Laishmikgnthalah
