Marcus Hutchins, better known by the handle MalwareTech, stopped the spread of the WannaCry cyberattack in May. Now, reports say he has been arrested in Las Vegas by the FBI.
Motherboard originally reported that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday, but has already been moved.
Hutchins was arrested for his role in “creating and distributing the Kronos banking trojan,” according to his indictment. Kronos was a malware program that harvested online banking credentials and credit card data, first discovered in July 2014.
More than $140,000 worth of digital currency bitcoin was moved from accounts linked to the WannaCry cyberattack, CNN Money reported early Thursday. Cybersecurity experts have linked the hack to North Korea.
Sign Up and Save
Get six months of free digital access to The Kansas City Star
The WannaCry attack affected more than 150 countries, targeting hospitals, businesses and government offices. It demanded victims pay a $300 ransom using bitcoin, which allows the public transfer of money but keeps its users totally anonymous.
Hutchins, who is from England, found an effective kill switch shortly after the attack began by registering a domain name he found in the code of the ransomware. The kill switch effectively halted the outbreak of the virus.
“I’ve spoken to the U.S. Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” an anonymous “close personal friend” of Hutchins told Motherboard. “We still don’t know why Marcus has been arrested and now we have no idea where in the U.S. he’s been taken to and we’re extremely concerned for his welfare.”
Hutchins was in Las Vegas for two annual hacking conferences called Black Hat and Def Con, according to Motherboard. A spokesperson for U.S. Marshals told Motherboard it was an FBI arrest, but could not provide further details. The FBI “acknowledged” Motherboard’s request for comment but did not immediately provide a response.
The U.S. National Security Agency was widely criticized after the WannaCry attack, as the agency had reportedly already discovered the vulnerability in Microsoft systems that WannaCry had exploited. But rather than report it to Microsoft, NSA had been using the vulnerability to break into Windows machines for its own purposes. The WannaCry software may have been stolen from the NSA.