The Ministry of Home Affairs has flagged 27 Indian cryptocurrency platforms as conduits for laundering Rs 623.63 crore from 2,872 victims between January 2024 and September 2025. Officials describe this as the tip of the iceberg in India's unregulated virtual assets sector. Major exchanges claim full compliance amid foreign ownership structures and past regulatory issues.
A Ministry of Home Affairs report has spotlighted the misuse of Indian cryptocurrency platforms by cybercriminals, highlighting the pseudonymity of blockchain and the lack of regulation in the sector. Data from the National Cybercrime Reporting Portal shows Rs 623.63 crore in crime proceeds laundered through 27 Virtual Asset Service Providers (VASPs) from 2,872 victims over 21 months, far exceeding Rs 25.3 crore via 12 foreign exchanges.
The Indian Cyber Crime Coordination Centre (I4C) analyzed complaints where victims lost funds through fake trading apps, which were converted into digital assets and layered across wallets. I4C shared a list of these VASPs, including top players like CoinDCX, WazirX, Giottus, ZebPay, Mudrex, and CoinSwitch, with enforcement agencies and the Financial Intelligence Unit.
CoinSwitch denied any such transfers, stating it operates in a 'fully ringfenced and compliant environment.' CoinDCX emphasized advanced security like multi-signature wallets. Mudrex's Pranjal Agarwal noted that FIU-registered platforms since 2023 conduct stringent KYC and AML checks, with INR funds exiting only via banks. Giottus CEO Vikram Subburaj compared exchanges to neutral platforms like Swiggy, arguing they facilitate lawful trade without complicity.
Many platforms have foreign holding companies, often in Singapore or Delaware, cited for ease of capital raising and regulatory uncertainty post-2018 banking bans. A CTO anonymously mentioned tax angles and the need for layered operations. GST evasion reached Rs 824.14 crore across 17 exchanges, with Rs 122.29 crore recovered by December 2024.
Incidents like WazirX's $235 million hack in July 2024 and CoinDCX's Rs 384 crore breach in July 2025 have eroded trust, alongside Enforcement Directorate probes into FEMA violations and inadequate KYC. Nischal Shetty of WazirX said 85% of liabilities were repaid post-hack. The Enforcement Directorate and FIU are investigating if platforms acted as 'crypto mules.'