ED raid on loan apps reveals strong Chinese presence in crypto crimes

Crypto exchanges were transferring overseas the money these apps extracted from borrowers.

Published : Aug 26, 2022 16:45 IST

Hyderabad Joint Commissioner of Police Gajarao Bhupal with seized laptops after the cyber crime police busted a loan app racket, on March 9, 2022.

Hyderabad Joint Commissioner of Police Gajarao Bhupal with seized laptops after the cyber crime police busted a loan app racket, on March 9, 2022. | Photo Credit: NAGARA GOPAL

The Enforcement Directorate (ED), still preoccupied with unearthing corruption and money laundering among opposition politicians, has decided to turn its attention to those involved in the crypto business in the country as well. Raids on the offices of crypto-exchanges, which manage trades in and movements of these virtual coins, and a freeze on the assets of companies controlling them have stalled crypto activity in the country.

The Economic Times recently reported that the ED is probing at least 10 cryptocurrency exchanges for allegedly laundering more than Rs.1,000 crore of criminally acquired money. Coming in the wake of a one per cent capital gains charge (to be deducted at source) on digital transactions, which had eroded trading volumes in crypto markets, these moves are expected to cripple the crypto business.

Such a setback is no cause for concern, however, given that this sector is a site for speculation and illegal activity. But the fact that this possible outcome is not the result of a ban, which the government and the Reserve Bank of India (RBI) have on occasion favoured, but one of taxation and investigations relating to criminal activities, points to the lack of clarity in the government’s cryptocurrency policy and the ineffectiveness of whatever intervention is being adopted.

Targeting lending apps

The investigation of criminal activity that led up to the raids on the cryptocurrency exchanges was not originally targeted at this industry, but at the app-based online lending business. The story is one of crude and predatory extortion of huge sums from misinformed and gullible borrowers by loan app businesses, using a combination of deceit, fraud and coercion.

Attracted by offers made of instant loans that required no documentation or collateral, cash-strapped or pathological borrowers logged in to such apps and obtained loans, for which they had to reveal information varying from digital identity markers to their social media profiles, contact lists and photo galleries. Often, such data was accessed without informing the client, once permission to access some data stored on the user’s phone was obtained. In some instances, loan app managers even engaged illegal call centres to hack into the user’s phone and steal data.

Also read: When the crypto casino crumbled

The loans advanced by these apps are given for short periods of time at interest rates that are usurious, making repayment near impossible. When the much-too-early repayments fall due and default is a possibility, the lenders unleash a barrage of online weapons aimed at threatening or shaming clients into finding ways of extricating themselves from the situation after paying hefty sums inflated because of absurdly high interest rates and penalties imposed.

The attacks included threatening calls, often at unearthly hours, disparaging and defamatory messages to relatives, friends and colleagues demanding their intervention to ensure payment, and the use of morphed images—even of an obscene kind—to shame the victim, all with the aim of pressuring borrowers to pay up huge sums.

According to reports, the sums demanded for loans advanced for a few weeks were exorbitant multiples of the original amount borrowed, and on occasion payments were demanded from individuals who had just made inquiries and not resorted to any borrowing. Unable to suffer the bullying, some of the victims paid up by liquidating every available asset, a couple committed suicide because of the harassment, and a few turned to the police.

Money trail

When the number of such complaints mounted and investigations began, the trail of the huge sums of money extracted from these borrowers not only faded but went beyond the jurisdiction of Indian agencies. It turned out that shell companies set up to manage these apps received their capital and their returns in rupee wallets that were used to convert profits into digital cryptocurrency tokens. Those tokens were then transferred to cryptocurrency wallets outside the country.

  • ED goes after crypto exchanges to freeze loan app monies.
  • Loan apps were charging usurious interest rates.
  • Lax KYC norms allowed transfer of crypto exchange sums overseas.
  • The crypto business is imploding owing to a lack of clarity in the fintech space.

To transform rupees into cryptocurrency equivalents and to transfer those cryptocurrency sums abroad, the operators used the legal crypto exchanges operating in the country, whose lax know-your-customer (KYC) practices allowed the transactions to go through without any difficulty. According to the investigating agencies, the operators of many of these loan apps were foreign agents from multiple locations, predominantly Chinese. In most cases the individual beneficiaries of the foreign wallets remain unidentified.

A typical example is Yellow Tune Technologies Ltd, a Bengaluru-based ‘fintech’ firm. The ED’s investigations reportedly revealed that Yellow Tune was a shell company with Chinese nationals on its board. Entities engaged in predatory lending deposited funds in the rupee wallets of Yellow Tune, which were then converted into cryptocurrency tokens and transferred to crypto wallets outside the country.

Representations of the Ripple, Bitcoin, Etherum and Litecoin virtual currencies.

Representations of the Ripple, Bitcoin, Etherum and Litecoin virtual currencies. | Photo Credit: REUTERS

The ED’s raid revealed that through transactions in Flipvolt, a crypto exchange that is the Indian arm of a Singaporean lending startup called Vauld, Yellow Tune had transferred overseas at least Rs.370 crore that had been deposited into its rupee wallets by as many as 23 entities engaged in predatory lending. But searches conducted at various premises of Yellow Tune to locate the owners of the company and the recipient wallets found them untraceable owing to a host of reasons. The ED said: “Lax KYC norms, loose regulatory control of allowing transfers to foreign wallets without asking any reason/declaration/KYC, non-recording of transactions on blockchains to save costs, etc., has ensured that Flipvolt is not able to give any account for the missing crypto assets.”

Given the failure to prevent the original predatory actions that constitute the crime, and to bring to book the loan app operators who are the principal perpetrators of the crime, the subsidiary role of the crypto exchanges became the focus of attention and action against them followed.

For example, to cover the Rs.370 crore transferred abroad through Flipvolt, its bank and payment gateway balances worth Rs.164.4 crore and crypto assets in pool accounts worth Rs.203.26 crore were frozen.

But the real damage is not the frozen assets of the exchange but the reputation loss. In fact, in the more high-profile instance of an ED raid on the WazirX crypto exchange, only Rs.64.67 crore of bank assets could be frozen, whereas the show cause notice issued to the company under the Foreign Exchange Management Act questions it “for allowing outward remittance of crypto assets worth Rs.2,790 crore to unknown wallets”. But the reputational damage following the raid has frozen almost all activity on the exchange.

Also read: The crypto phenomenon

The ED said that the exchange had “actively assisted around 16 fintech companies under investigation on charges of money laundering to divert their alleged proceeds of crime using the crypto route”. The agency probe also found that the exchange had a complicated ownership structure.

The exchange was in alleged violation of KYC norms and had failed to conduct any enhanced due diligence (EDD) or raise any suspicious transaction reports (STRs), according to the ED. This is yet another instance of a conduit for the flow of proceeds from criminal activity becoming the principal target rather than the perpetrators of the activity itself.

Unclear law on digital lending

Part of the reason behind this is that the law on online lending by fintech firms is ambiguous, owing to the conflict between the need for regulation and the government’s commitment to encouraging fintech of various kinds.

Until recently, the RBI’s views regarding online lending were not clearly stated. It was only in November 2021 that the RBI formulated a regulatory framework based on the report of a Working Group on “digital lending including lending through online platforms and mobile apps” constituted for the purpose.

Reserve Bank of India Governor Shaktikanta Das.

Reserve Bank of India Governor Shaktikanta Das. | Photo Credit: PTI

It classified the universe of digital lenders into three groups: (1) entities regulated by the RBI and permitted to engaged in the lending business; (2) entities authorised to carry out lending as per other statutory/regulatory provisions but not regulated by RBI; and (3) entities outside the purview of any statutory/regulatory provisions and engaged in lending activities.

The RBI’s framework recommended that lending using digital lending apps (DLAs) be restricted to regulated entities registered under any law. With regard to the third group of entities, which are the ones involved in the predatory lending scam, the RBI recommended that the government may consider framing legislation for banning of unregulated lending activities and the setting up of a Digital India Trust Agency to verify DLAs.

Clearly, as of now that recommendation has not been put into practice. With the law on digital lending unclear, the companies tracked down for illegal online lending practices are being charged under sections relating to extortion, cheating, and forgery of the Indian Penal Code and sections of the Information Technology Act relating to dishonest or fraudulent hacking of a person’s computer or of circulating obscene material.

Nischal Shetty, founder of WazirX.

Nischal Shetty, founder of WazirX. | Photo Credit: Balakrishnan K

Meanwhile, the threat to the crypto exchanges has triggered dissension within some of these entities, as former partners want to individually absolve themselves of the responsibility for the transactions being scrutinised by the investigating agencies. This has led to a spat on Twitter between Nischal Shetty, the founder of WazirX and co-founder of Zanmai Labs that originally owned the crypto exchange, and Binance chief executive Changpeng Zhao.

In 2019, Binance had reported that it had acquired WazirX from Zanmai. But, following the ED raids, Changpeng declared that “Binance does not own any stake in Indian cryptocurrency exchange WazirX” and that “Binance does not own any shares in Zanmai Labs, the entity operating WazirX and established by the original founders”.

In essence, Binance was denying any role in WazirX’s trading operations. But Shetty insists that “WazirX was acquired by Binance” and that “Zanmai Labs is a separate entity that has a licence from WazirX (owned by Binance) to operate INR/Crypto pairs on WazirX”. It also claims: “Crypto-to-crypto transactions and withdrawals are being operated under Binance through their ownership of WazirX.”

Shetty wants to hold Binance responsible for the transfer abroad of “the proceeds of crime”.

It appears that the absence of clarity on what to permit in the fintech space and how to regulate permitted operators has created a situation where the crypto business is imploding, while the government prevaricates and postpones the decision on what to do with it.

More stories from this issue

Sign in to Unlock member-only benefits!
  • Bookmark stories to read later.
  • Comment on stories to start conversations.
  • Subscribe to our newsletters.
  • Get notified about discounts and offers to our products.
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide to our community guidelines for posting your comment