DCI hacked: Did cybercriminals profit from crypto transactions?

On Sunday, 9 February, the Directorate of Criminal Investigations (DCI) suffered a cyber-attack that saw its official Facebook and X (formerly Twitter) accounts hacked for several hours.

The agency has since confirmed that it has regained control of the accounts and assured the public that investigations are underway to identify the perpetrators.

In a press statement, the DCI addressed the incident, stating: "For some moments this evening, we experienced a cyber-attack on the DCI digital platforms (X and Facebook), but have since regained full control."

The hackers used the compromised accounts to post misleading content about a cryptocurrency known as Sol Meme Coin. Meme coins are cryptocurrencies inspired by internet jokes and trends, often lacking the long-term goals or structured development seen in traditional digital assets. Some well-known meme coins include Dogecoin, Shiba Inu, and Floki Inu.

During the breach, the hackers posted statements suggesting that the DCI was launching a blockchain project, claiming it was part of a government initiative to cut federal spending. One of the posts read: "This is official news, please ask local media to support the idea of launching a blockchain project."

Another statement falsely claimed: "The present endeavour signifies the inaugural implementation of blockchain technology within the governmental sector, with the overarching objective being the reduction of the federal budget by hundreds of millions of dollars on an annual basis."

Screenshots circulating online suggest the attackers may have attempted to profit from the hack by manipulating cryptocurrency transactions. X user Mutua Brian shared an image appearing to show that the hackers created a token named "DCI," deposited 20 Solana (SOL) coins, and later swapped them for 429,199,999 units of the newly created token. The attackers allegedly converted these tokens back into 64.7 SOL, which could be worth between $4,000 and $13,000 (Sh516,000 – Sh1.68 million).

The screenshot, seemingly from a blockchain explorer such as Solscan or SolanaFM, details three transactions: the creation of the token, the initial swap, and the final conversion back to Solana. However, independent verification of these transactions has proven difficult, as searches on blockchain tracking platforms have not yielded corresponding results.

Smart scammer hacked in to DCI Kenya's account, created a sol memecoin, put in 20 Sol , promoted it on their page and cashed out 64.7 Sol.

That's $4K to $13K in just 35 minutes. ? pic.twitter.com/5CIibPJ939

— Mutua B (@Mutuabrian_M) February 9, 2025

The breach has sparked widespread debate online, with Kenyans questioning the cybersecurity measures in place for government agencies.

One X user commented: "Kumbe shida hadi sio DCI. Shida ni sisi kuji-limit." (So, the problem isn’t even the DCI—the problem is us limiting ourselves.)

Another warned: "This is a wake-up call. If an agency like the DCI can be attacked, what about an ordinary person? Today, the biggest crime might not be physical—it’s in cyberspace."

The DCI has assured the public that a thorough forensic investigation is underway to track down the hackers. It has also advised Kenyans to remain cautious, warning against potential scams that may arise from the incident.

"A scrupulous interrogation into the criminal activity has been activated to bring the perpetrators to book," the statement read.

The breach highlights the increasing threat of cybercrime in Kenya and raises concerns about the security of official government platforms. While the DCI has reassured the public that the situation is under control, questions remain about the full extent of the attack and whether financial losses were incurred.