8,000 mule accounts frozen in J&K as security agencies flag digital hawala threat

Srinagar, Feb 15: Amid heightened security concerns in Jammu and Kashmir, central agencies in collaboration with J&K Police have uncovered a rapidly expanding network of “mule accounts” that officials describe as the financial backbone of global cyber fraud syndicates — with apprehensions that part of the siphoned money could be diverted towards separatist and anti-national activities in the Union Territory.

Over the past three years, more than 8,000 such accounts operating in J&K have been identified and frozen, exposing what investigators call a sophisticated and layered money-laundering ecosystem.  Officials said the crackdown comes against the backdrop of sustained efforts to choke terror financing channels in Jammu and Kashmir following earlier enforcement actions by agencies such as the National Investigation Agency.

Senior officials in security establishment believe that after the NIA’s 2017 drive to dismantle conventional funding pipelines into J&K, anti-national elements may have pivoted to a new model of “digital hawala”. In this system, commissions earned by mule account holders — or “mulers” — could potentially be siphoned off to fund unlawful activities while maintaining plausible deniability.

Describing mule accounts as the “weakest yet most crucial link” in the cybercrime chain, officials said that without them, it would be nearly impossible to convert stolen funds into untraceable cryptocurrency. Central security agencies have asked the J&K Police and other law enforcement bodies to hold consultations with banks to check the mushrooming of such accounts and identify middlemen facilitating the fraud.

A muler, investigators explained, is rarely the individual who contacts victims or circulates phishing links. Instead, their role is covert but pivotal — arranging and maintaining a steady pool of bank accounts that scammers use to receive and layer stolen money while masking their identities. A single fraud operator is often provided with 10 to 30 mule accounts at a time.

These accounts frequently belong to unsuspecting or complicit individuals enticed with promises of easy commissions and minimal risk. They are persuaded to hand over complete control of their accounts — including net banking credentials — under the pretext that the accounts will serve briefly as “parking accounts” for transactions. In several instances, accounts have been opened in the names of shell or fictitious companies, allowing transactions of up to Rs 40 lakh in a single day without immediately triggering red flags.

Officials said the money trail is deliberately made complex, with funds quickly routed through multiple accounts and fragmented into smaller transactions to evade scrutiny. From there, the money is often converted into cryptocurrency through private wallets.

A recent assessment by central agencies has pointed to handlers based in countries such as China, Malaysia, Myanmar and Cambodia directing individuals in Jammu and Kashmir to set up private crypto wallets. These wallets are typically created using Virtual Private Networks (VPNs) to obscure location data and are structured to bypass Know Your Customer (KYC) norms and identity verification protocols. With growing concerns over the misuse of digital tools by terror outfits and separatist networks, the Jammu and Kashmir Police has already taken steps to suspend the use of VPN services in the Valley, citing their frequent exploitation to avoid detection.

Officials emphasised that while mule account holders may not design the scams or directly engage victims, they are active facilitators of money laundering. “The entire scam ecosystem depends on these accounts. Without a destination for the money, the scam collapses at the first step,” a senior official said. “Those renting out their accounts are not mere bystanders — they form the financial infrastructure that sustains transnational crime.”