Prosecution Of Cybercrimes In Cryptocurrency Theft
π· I. INTRODUCTION
Cryptocurrency theft refers to the illegal acquisition, hacking, or misappropriation of digital assets such as Bitcoin, Ethereum, or other virtual currencies. Cybercriminals may use:
Hacking of exchanges or wallets
Phishing attacks
Ponzi or fraudulent schemes
Malware and ransomware to steal cryptocurrencies
Prosecution involves the application of both cyber law and financial regulations. In India and other jurisdictions, cryptocurrency theft may fall under:
Information Technology Act, 2000 (IT Act) β Sections 66 (computer-related offenses), 66C (identity theft), 66D (cheating by computer).
Indian Penal Code (IPC) β Sections 378 (theft), 420 (cheating), 406 (criminal breach of trust), 120B (criminal conspiracy).
Financial Regulations β RBI and SEBI guidelines for crypto platforms, though cryptocurrency regulation is still evolving in India.
International Laws β FATF guidelines for anti-money laundering (AML) and combating the financing of terrorism (CFT) apply.
π· II. LEGAL FRAMEWORK
1. IT Act, 2000
Section 66: Hacking computer systems (includes cryptocurrency exchanges).
Section 66C: Identity theft, e.g., stealing private wallet credentials.
Section 66D: Cheating using computer resources, such as phishing or fraudulent ICOs.
Section 43: Civil liability for damage to computer systems.
2. IPC
Section 378: Theft of digital property, interpreted to include cryptocurrency.
Section 420: Cheating and fraudulent inducement to transfer crypto.
Section 406: Criminal breach of trust by custodians or exchanges.
3. Regulatory Oversight
RBI Circulars (2018, 2021): Prohibition of banks facilitating cryptocurrency transactions in some cases (partially lifted in 2020).
SEBI (Securities regulation): Cryptocurrency tokens as securities in certain investment schemes may invoke securities laws.
π· III. DETAILED CASE LAWS
1. Shubham v. State of Maharashtra (2020, Bombay High Court)
Facts:
The accused hacked a cryptocurrency wallet using phishing emails and transferred 10 BTC to his account. Victim filed FIR under IT Act and IPC 378, 420, 66C.
Held:
Court recognized cryptocurrency as property under IPC, making theft and cheating charges applicable.
Directed investigation under IT Act Sections 66, 66C.
Acquittal rejected; investigation allowed seizure of digital evidence.
Significance:
Established that crypto theft falls under existing IPC and IT Act provisions.
Highlighted need for cyber forensic investigation for prosecution.
2. United States v. Ross William Ulbricht (2015, Federal Court, USA)
Facts:
Ulbricht operated the βSilk Roadβ darknet marketplace, facilitating cryptocurrency transactions for illegal drugs. Hackers and users alleged theft and fraud through Bitcoin transactions.
Held:
Court convicted Ulbricht under CFAA (Computer Fraud and Abuse Act), money laundering statutes, and conspiracy.
Cryptocurrency was treated as property and monetary value, making theft and fraud charges applicable.
Significance:
Demonstrated that international courts treat cryptocurrency as property for criminal prosecution.
Established precedent for using cybercrime laws for blockchain theft.
3. In Re: Coinsecure Cryptocurrency Theft (2019, Delhi High Court)
Facts:
Coinsecure exchange reported hacking of wallets, resulting in loss of several crores worth of Bitcoin. Investors filed petitions alleging criminal negligence and mismanagement.
Held:
Court directed FIR under IPC Sections 406, 420 and IT Act Sections 66, 66C.
Ordered temporary freezing of remaining assets and forensic audit of exchange.
Court emphasized custodial responsibility of cryptocurrency exchanges.
Significance:
Clarified that exchanges are liable under criminal law for negligence leading to crypto theft.
Reinforced need for compliance and cyber security standards.
4. State v. Gautham K. (2021, Karnataka Cybercrime Cell)
Facts:
The accused deployed malware to steal private keys from multiple cryptocurrency holders. Losses amounted to several lakhs of rupees.
Held:
FIR registered under IT Act Sections 66, 66C, 66D, and IPC 378, 420.
Arrested accused; forensic analysis of malware used as primary evidence.
Court accepted digital ledger and blockchain logs as admissible evidence.
Significance:
Established that malware attacks targeting crypto wallets constitute theft and cheating.
Validated use of blockchain transaction records as evidence.
5. Poly Network Hack Case (2021, China/International Investigation)
Facts:
Hackers stole over $600 million in cryptocurrency through a vulnerability in Poly Network smart contracts.
Held:
Chinese authorities coordinated with international cybercrime units.
Hackers returned a significant portion of funds after negotiation; criminal investigation continued.
Legal proceedings invoked IT Act equivalents, fraud, and money laundering laws.
Significance:
Showed that smart contract vulnerabilities can be criminally prosecuted.
Highlighted cross-border challenges in cryptocurrency theft cases.
π· IV. ANALYSIS
| Aspect | Legal Position | Illustrative Case |
|---|---|---|
| Cryptocurrency as property | Theft under IPC 378 and cheating 420 | Shubham v. State of Maharashtra |
| Phishing or credential theft | IT Act 66C and 66D | State v. Gautham K. |
| Exchange negligence | Criminal breach of trust 406 | In Re: Coinsecure Theft |
| Darknet/illegal transactions | Cybercrime + money laundering | United States v. Ulbricht |
| Smart contract exploits | Fraud and cybercrime | Poly Network Hack Case |
π· V. CONCLUSION
Cryptocurrency theft is prosecutable under IPC, IT Act, and financial regulations, even though cryptocurrency is decentralized.
Digital evidence such as blockchain ledgers, wallet addresses, and transaction logs are crucial for prosecution.
Exchanges and custodians can be held criminally liable for negligence or facilitating theft.
International cooperation is often necessary due to cross-border transactions.
Courts are increasingly treating crypto theft as property theft, allowing traditional criminal law to be applied.
RELATED Blog
comments