The discovery has put the security establishment on high alert, with officials warning that these shadow flows are aimed at reviving separatist elements and reigniting anti-national rhetoric in the Union Territory – activity that had largely been neutralised through sustained crackdowns by police and central agencies.
Mirroring the traditional hawala system, in which money moves through informal, non-banking channels, the digital version exploits the anonymity of unregulated cryptocurrency. Officials said this allows operators to erase financial trails while injecting funds directly into the domestic economy.
India mandates that all Virtual Digital Asset Service Providers (VDA SPs) register with the Financial Intelligence Unit (FIU). However, officials said the newly detected network operates completely off the grid, avoiding regulatory oversight and monitoring mechanisms.
Security agencies believe the use of cryptocurrency has added a new layer of complexity to counter-terror financing efforts, enabling foreign handlers to move money with speed and secrecy while evading conventional detection tools.
For the 2024-25 fiscal year, only 49 exchanges have registered as legal reporting entities, prompting the government to come out with fresh guidelines that include a mandatory liveness detection and geographical tracking, besides asking users to take a “live selfie” using software that verifies their presence, typically through eye-blinking or head movement.
The “penny-drop” method, which involves processing a nominal Re 1 transaction to confirm that the bank account is active and belongs to the registrant, is required. In addition to a Permanent Account Number (PAN), users must provide a secondary ID, such as a Passport, Aadhaar or Voter ID, verified via OTP.
A detailed study done by the Jammu and Kashmir Police, along with central security agencies, identified people in countries like China, Malaysia, Myanmar and Cambodia directing people in the union territory to create private crypto wallets, which are often set up using a Virtual Private Network (VPN) to avoid detection and require no Know Your Customer (KYC) or identity verification.
The Jammu and Kashmir Police has already suspended the use of VPNs in the valley as registering in crypto wallets was increasingly seen in the region of late. The VPN is a handy tool for terrorists as well as separatists to avoid detection.
The officials said the foreign handler sends cryptocurrency directly into these private wallets, placing the funds under local control without involving a regulated financial institution, and the wallet holder travels to major cities like Delhi or Mumbai to meet unregulated peer-to-peer (P2P) traders and sell crypto for cash at negotiated rates.
This effectively “breaks the financial trail,” allowing foreign money to enter the local economy as untraceable cash, the officials said.
The key to this network is the use of “mule accounts,” which are parking accounts that layer transactions. To keep the system running, syndicates have set up a structured commission system where such an account holder earns anywhere between 0.8 to 1.8 per cent per transaction.
The officials said that mule accounts belong to ordinary people who are motivated by the promise of commission and are assured that their role is safe and they are merely allowing their accounts to be used temporarily as parking accounts. All control of their bank accounts, including net banking usernames and passwords, is handed over to the scammer.
A single scammer is typically provided with multiple mule accounts, often ranging from ten to thirty accounts at a time, the officials said.
The officials said the rise of crypto hawala throws a new challenge of off-exchange trading and, by operating in the “grey market,” these traders evade the anti-money laundering laws that apply to registered entities.
Officials warn that the “crypto-hawala” method is designed to bypass formal banking systems and avoid leaving any financial traces. By moving money from a digital private wallet to a physical cash transaction in a different city, the “financial trail” is effectively cut off.
Despite the FIU’s efforts to regulate 49 major exchanges, the rise of “crypto hawala” presents a significant challenge for enforcement agencies since it allows foreign-sourced funds to enter the local economy without going through a regulated financial institution.