Srikrishna Ramesh, Image Credit: India.com
Bitcoin scam: Sriki had full access to Junglee Games
This is the third story in the series which the blrpost.com is bringing out based on the chargesheet filed by the Special Investigation Team (SIT)
Bengaluru
Srikrishna Ramesh alias Sriki, accused in multi-crore bitcoin scam had full access to Junglee Games sites, online platforms for playing rummy. The chargesheet submitted by the Special Investigation Team (SIT) shows evidence of Sriki possessing Junglee Games data which are not available on public platforms.
According to the forensic analysis of the seized Seagate external harddisk from Sriki, he was in possession of confidential data pertaining to online rummy platforms run by Technology for Junglee Games India Private Limited. Sriki had access to rummy.jungleegames.com, jungleerummy.com and others. This company was founded in 2012 in San Francisco, CA. Sriki had also run a fraud check (to find out fraudulent means deployed by the company to cheat customers). The sources in the SIT say that Sriki has found out that this company uses bots to dupe players.
The company statements before the SIT however show inconsistency. This catagorically indicate this company has something to conseal from investigation agency.
Abhishek Bharti, Senior Vice President of the company confirmed data breach and unauthorised access to personal data of players. This statement was recorded on May 2, 2024. In the first statement on April 8, 2024, he said “at this stage, Junglee does not have sufficient information to form an opinion about the data being found in the accused device.”
Forensic analysis
A forensic analysis of the Seagate external hard disk marked D8 revealed an operating system artefact showing access to the URL https://rummy.jungleegames.com/admin/APP/connector/2/2161/dl/UserWithdrawals_2019-04-22_08-20-06.csv.
The downloaded file, UserWithdrawals_2019-04-22_08-20-06.csv, was found stored in the path Macintosh HD – Data\Users\mysticalsyntax\Downloads and is enclosed as Annexure-C86. Examination of the CSV file indicates it contains sensitive user withdrawal data from the Junglee Rummy platform, including user details such as ID, name, date of birth, account number, PAN and ID proof images, withdrawal records, IFSC code, and transaction information.
Additional fields include verification parameters, fraud checks, and payment gateway references like Cashfree Transfer IDs and statuses. The artefact demonstrates the download, access, and possession of financial and personal user data related to withdrawal transactions on the Junglee Rummy administrative system, suggesting possible unauthorized data handling or breach of platform confidentiality.
Forensic observation report
During forensic examination, one operating system artefact was identified containing the following download URL:
https://rummy.jungleegames.com/admin/APP/connector/2/2161/dl/UserWithdrawals_2019-04-22_08-20-06.csv
This URL was found accessed in the Seagate external hard disk marked as D8. The corresponding artefact was enclosed in soft copy as Annexure-C85.
Further analysis revealed that the alleged downloaded file, titled “UserWithdrawals_2019-04-22_08-20-06.csv”, is located at the path: Macintosh HD – Data\Users\mysticalsyntax\Downloads\UserWithdrawals_2019-04-22_08-20-06.csv
A copy of this file is also present in the Seagate external hard disk marked D8, enclosed as Annexure-C86.
The CSV file contains detailed user withdrawal data with multiple column headings, including:
- VIP Category
- User ID
- User Name
- Player Name
- Withdrawal ID
- Type
- Account Number
- Bank Holder Name
- Date of Birth
- PAN Card Image Path
- ID Proof Image Path
- IFSC Code
- Address
- Amount
- Date Requested
- Transaction Details
- Withdrawal Status (including Fraud Checks and Approval Processes)
- Cashfree-related fields such as Transfer ID, Status, Memo, and Last Updated Date
- Additional verification fields including Mobile Verified, Email Verified, PAN Status, Address Proof Type, and Acknowledgment Status
This artefact indicates access and storage of potentially sensitive financial and personal user data related to withdrawals from the Junglee Rummy platform.
Files shared with the company
The SIT shared five files with the Junglee Games company to verify authenticity of data and check breach of privacy and confidential data. This shows company acknowledging data breach and illegal possession of personal data of customers.
Below is the table that shows file name shared by the SIT and opinion from Abhishek Bharti, Senior Vice President of the company
| S.No. | File Name | My Opinion / Remarks |
| 1 | UserWithdrawals_2019-04-22_08-20-06 | This data file belongs to our Junglee Games India Pvt. Ltd. company and contains personal data of players/customers which is not available in the public domain. Hence, it might have been hacked or breached. |
| 2 | psapp_30day_active_mar_2020_03_23 | This data also belongs to our company and contains numeric IDs and screen names of our players/customers. |
| 3 | list_by_chirag_2019_09_11_19_33pm | This data also belongs to our company and contains numeric IDs and screen names of our players/customers. |
| 4 | 60days_openers_vip0_5_6_mar19_2020_03_19_1 | This data also belongs to our company and contains numeric IDs and user names/screen names of our players/customers. |
| 5 | xato-net-10-million-usernames | This data also belongs to our company and contains user names/screen names of our players/customers. |
Additional statements by the company
The chargesheet includes statements provided by the company on December 22, 2023, and April 8, 2024.
On April 8, 2024, in response to a question by the SIT regarding the presence of the company’s confidential data on the accused’s device, Sharma stated:
“At this stage, Junglee does not have sufficient information to form a definitive opinion on the presence of its data on the accused’s device. We were made aware of this matter during the ongoing investigation being conducted by the SIT, CID, Bangalore. Regarding the confidentiality and integrity of our company’s data, Junglee remains committed to the highest data security standards. We implement restricted access permissions to personal data and employ robust prevention and detection measures. Should any incident occur, we take it seriously and reassess our measures to identify appropriate mitigation strategies. As part of our ongoing commitment to player data protection, Junglee confirms that our data security measures have naturally evolved since the dates referenced in the files shared by your office.”
Another statment (response to the questions of SIT), was given by Apoorva Sharma, Nodal Officer Junglee Games India Private Limited.
Is there any monetary loss due to this data breach? – Quesion by the SIT
Junglee has not received any complaints regarding any alleged monetary loss, nor has it detected any such loss related to this potential incident. The company is not aware of any data intrusion and does not have sufficient information to classify this as a data breach. Junglee was recently made aware of this matter during the ongoing investigation being conducted by the SIT, CID, Bangalore.
This shows this company has allegedly something to hide. Both the officials working with the company confirmed that the data found in Sriki’s device was collected from company’s online gaming platform.
Sriki possesses some skill which can be used by the police for detecting malpractices online and to catch the moneylaunderers. Punishment for his wrong doing has to happen anyways.
The faming applications involved in money have always cheatsheets and secret way of deceiving players. This loophole is created by the company itself secretly in these application’s . IF SIT can investigate application developers and the head if the project’s, truth will nail the company boss. SIT must investigate the entire source code in action during fraud times