
Fake ‘Coinbase Pro’ Site Exposed: ED Tracks Global Crypto Laundering To Delhi Court

The420.in Staff

In a massive international crackdown on cyber-enabled financial syndicates, the Headquarters Unit of the Enforcement Directorate (ED) has filed a comprehensive prosecution complaint in connection with the global “Coinbase Phishing Scam.” The high-profile charge sheet was officially submitted before the Special PMLA Court at the Dwarka District Courts in New Delhi. The federal probe targets an intricate money laundering network that weaponized search engine optimization (SEO) tactics and spoofed internet protocols to drain over ₹170 crore ($20 million) from digital asset investors.

The ED initiated its independent domestic investigation under the Prevention of Money Laundering Act (PMLA) following global intelligence reports detailing the high-stakes arrest of the racket’s mastermind, Chirag Tomar. The 30-year-old Indian national was intercepted and arrested by the Federal Bureau of Investigation (FBI) at the Atlanta airport on December 20, 2023, while entering the United States. He has since been sentenced by a competent U.S. District Court to 60 months of federal imprisonment, followed by two years of supervised release.


The Fake “Coinbase Pro” SEO Spoof Loop

To reconstruct the technical architecture of the cyber operation, the ED successfully secured cross-border digital records, transaction ledgers, and forensic server snapshots from authorities in the United States through Mutual Legal Assistance Treaty (MLAT) channels. The evidence exposed a highly calculated phishing matrix that subverted standard internet search routines.

The syndicate registered a lookalike internet domain name—coinbasepro.com—intentionally mirroring the authentic URL of the exchange’s premium trading tier, which at the time was natively hosted at pro.coinbase.com. Using sophisticated search engine optimization manipulation, Tomar’s team forced their counterfeit portal to rank at the absolute top of search engine result pages.
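The difference between pro.coinbase.com and coinbasepro.com is a difference in registrable domain, which a mail gateway or proxy rule can check by reading the hostname right to left. The following is an added example, not part of the original report; the trusted-domain list, the function names, and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only legitimate registrable domain.
TRUSTED_DOMAINS = {"coinbase.com"}
# Common digit-for-letter swaps in lookalike names (constructed, not exhaustive).
DIGIT_SWAPS = str.maketrans("0135", "oies")


def hostname_of(url: str) -> str:
    """Return the lowercase hostname of a URL, tolerating a missing scheme."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url
    # .hostname drops any userinfo ("user@") and port, so a URL such as
    # https://pro.coinbase.com@coinbasepro.com/ resolves to coinbasepro.com.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for the URL's host."""
    host = hostname_of(url)
    if not host:
        return "unrelated"
    for domain in trusted:
        # Trust is decided right to left: the host must be the domain itself
        # or end with ".<domain>". pro.coinbase.com passes; coinbasepro.com fails.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Outside every trusted domain: flag the host if the brand label still
    # appears once dots, hyphens and digit swaps are normalised away.
    squashed = host.replace(".", "").replace("-", "").translate(DIGIT_SWAPS)
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in squashed:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("https://pro.coinbase.com/trade", "https://coinbasepro.com/login"):
        print(sample, "->", classify(sample))
```

Deriving the brand from the first label of the trusted domain is a simplification; a production check would use a public-suffix list and Unicode confusable handling.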

When global users clicked the top result, they were met with a frontend interface identical to that of the legitimate exchange. The moment users entered their usernames and passwords, the credentials were captured in real time by a backend keylogging script.

To bypass two-factor authentication (2FA) barriers, the fake portal displayed a simulated “Account Locked” error notification. The warning screen instructed the panicked victims to call a customer service helpline number displayed prominently on the page.

This line connected directly to a specialized, fraudulent call center managed by Tomar and his tech handlers. Operating under the guise of verified Coinbase customer support representatives, the call center staff used high-pressure social engineering tactics to manipulate the victims into revealing their live 2FA codes over the phone or granting remote desktop control via third-party software.

The Peer-to-Peer Laundering Grid

The moment access was secured, the syndicate drained the victims’ cryptocurrency wallets and transferred the digital assets into a network of private virtual wallets under Tomar’s absolute control. To hide the origin of the stolen wealth, the capital was systematically broken into fractions and bounced through an automated layering cycle:

  • Token Conversion: The stolen tokens were rapidly swapped into privacy-centric virtual digital assets to break public ledger tracking.
  • Wallet Shuffling: The capital was bounced through hundreds of intermediate global crypto wallets in rapid succession to create severe transaction noise.
  • The P2P Cash-Out: The shuffled digital tokens were ultimately liquidated into hard fiat cash by selling them on peer-to-peer (P2P) crypto trading platforms, directly converting the values into Indian Rupees (INR).

Real Estate Realignment and Luxury Cars

The ED’s forensic financial trail proved that these P2P sale proceeds were funneled straight into the domestic retail bank accounts of Chirag Tomar, his close family members, and a ring of trusted inner-circle associates. Alongside the kingpin, the ED’s prosecution complaint has formally arraigned his key domestic laundering operatives, identified as Pankaj Tomar, Kushagra Shakya, Akash Vaish, Rahul Anand, and Ketan Luthra.

The federal charge sheet also hits two primary corporate fronts weaponized to absorb the illicit wealth: M/s Tomar Group of Industries Private Limited and M/s Exahomes Realtors. The ED revealed that the stolen cash was aggressively layered to buy high-end commercial land tracts, acquire residential real estate, and clear domestic investments to disguise the dirty funds as untainted corporate equity.

In parallel global asset declarations, U.S. court documents showed that Tomar used the stolen millions to fund an incredibly lavish lifestyle, including buying a collection of elite Rolex watches, acquiring luxury supercars like Lamborghinis and Porsches, and financing expensive vacations to Dubai and Thailand. The ED has so far provisionally attached movable and immovable properties valued at ₹64.55 crore inside India, with enforcement tracking divisions continuously mapping out supplementary shell registries.
