Cashaa Token

🔴 High Risk

Cryptocurrency has emerged as a double-edged sword in India—fueling innovation in digital finance while simultaneously exposing the financial ecosystem to increased risks of money laundering and related crimes. The decentralized and pseudonymous nature of cryptocurrencies creates unique vulnerabilities, enabling illicit actors to exploit gaps for laundering proceeds from cyber thefts, frauds, and other crimes. In recent years, India has witnessed significant money laundering incidents involving cryptocurrencies, exposing shortcomings in regulatory frameworks and enforcement mechanisms. Despite strides in legislation, such as including virtual digital assets under the Prevention of Money Laundering Act (PMLA) and mandating stricter KYC/AML compliance for crypto exchanges, enforcement challenges persist. These challenges are underscored by high-profile hacking and laundering episodes involving Indian crypto exchanges and cross-border laundering channels. The growing sophistication of laundering techniques, including coin mixing and layered transactions across multiple exchanges, demands a robust, multi-pronged response from regulators and stakeholders to safeguard India’s financial system from the illicit exploitation of cryptocurrency platforms. This context provides the backdrop for understanding the money laundering case involving Cashaa Token and its implications for India.

In July 2020, the UK-based cryptocurrency exchange Cashaa suffered a high-profile cyber theft in which hackers stole over 336 Bitcoin by compromising a digital wallet through malware installed in the company’s system. The hacker(s) are believed to have been based in East Delhi, India, making India a direct location involved in the laundering activities. After the theft, the stolen Bitcoin were laundered using coin-mixing techniques and passed through various exchanges, including several in India. This laundering activity exploited gaps in crypto security and regulatory environments enabling hackers to convert stolen crypto assets into usable funds with obscured trail. Cashaa quickly reported the incident to Indian cybercrime authorities and cooperated with Indian exchanges, which vowed to help track the movement of stolen funds. This case exemplifies the dual challenge in India of combating cryptocurrency-related cybercrime and money laundering despite efforts under the Prevention of Money Laundering Act and other regulatory frameworks. As such, the case underscores the ongoing risks and illegal use of cryptocurrency platforms including Cashaa in India-centric cyber theft and subsequent money laundering activities.

Countries Involved

United Kingdom (where Cashaa is based) and India (suspected hackers in East Delhi, India)

July 10-11, 2020 (hacking and theft discovered, reported soon thereafter)

Bitcoin (BTC)

Cyber Theft, Money Laundering (through compromised wallet transfers and laundering channels)

Cashaa Exchange, Unknown Hacker(s) allegedly based in East Delhi, India; Indian crypto exchanges such as CoinDCX, WazirX, Bitbns involved in tracking the stolen funds

No public information indicates Politically Exposed Persons were involved.

The hacker(s) installed malware on Cashaa’s system to monitor login activity initiating Bitcoin transfers. They then transferred stolen BTC using coin mixing software such as CoinJoin to obfuscate the trail, facilitating laundering through multiple exchanges including some Indian crypto platforms, thereby masking ownership and origin of the stolen Bitcoins.

The stolen amount was approximately 336 BTC, valued over $3 million USD at the time.

The attack happened as malware alerted hacker(s) during employee login and asset transfer, enabling a swift theft in 3 minutes. Subsequent laundering attempts involved moving the stolen Bitcoin through exchanges for cash out, with Indian exchanges notable in cooperation to track and attempt to freeze such movements. This highlights vulnerabilities exploited for laundering stolen crypto assets by spreading through multiple platforms to conceal illicit origin.

Cashaa filed a cybercrime report with Delhi Police’s cybercrime authorities. Major Indian crypto exchanges pledged collaboration for tracking. Cashaa publicly shared hacker wallet addresses to block withdrawals on other platforms. Indian regulatory frameworks such as the Prevention of Money Laundering Act (PMLA) empower authorities to investigate cryptocurrency crime including related money laundering. Enforcement agencies have acted against crypto frauds and initiated seizures under applicable laws in India, reflecting ongoing regulatory efforts in this sector.

Cashaa Token
Case Title / Operation Name:
Cashaa Cryptocurrency Exchange Bitcoin Theft and Money Laundering Incident in India
Country(s) Involved:
India, United Kingdom
Platform / Exchange Used:
Cashaa Exchange, Blockchain.com wallet, Indian crypto exchanges e.g. WazirX, CoinDCX, Bitbns
Cryptocurrency Involved:

Bitcoin (BTC)

Volume Laundered (USD est.):
Approximately 336 BTC (~$3.1 million USD)
Wallet Addresses / TxIDs :
Hacker wallet address: 14RYUUaMW1shoxCav4znEh64xnTtL3a2Ek (BTC address published by Cashaa)
Method of Laundering:

Malware installation on employee system to monitor logins; quick BTC transfers; use of coin mixing software (e.g., CoinJoin); layered transactions through multiple exchanges

Source of Funds:

Cyber theft from Cashaa’s blockchain.com wallet; unauthorized wallet access via malware

Associated Shell Companies:

N/A

PEPs or Individuals Involved:

N/A

Law Enforcement / Regulatory Action:
Cybercrime incident reported to Delhi Police cybercrime unit under cryptocurrency crime category; Indian exchanges cooperated in monitoring and freezing suspicious addresses; board meeting called by Cashaa; heightened AML scrutiny on Indian crypto platforms
Year of Occurrence:
2020
Ongoing Case:
Ongoing
AML Network Risk Rating:
🔴 High Risk
Quick Links:
Popular Pages:
Disclaimer & Legal:
Facebook-f Twitter Youtube
© 2025 AML Network. – All Rights Reserved.