This article is more than 1 year old

WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON

Chap who stopped malware spread cuffed in Vegas

Updated Marcus Hutchins, the unassuming Brit who found and activated the kill switch in the WannaCry ransomware, has been arrested by the FBI in America.

Hutchins had been invited over to the States for the DEF CON hacking conference, held last week in Las Vegas, Nevada, and stayed on a few extra days to do the usual touristy things in the area. He attended various parties at the event, went shooting, as is somewhat traditional, and had been planning to return home yesterday.

The UK's National Crime Agency confirmed to The Register tonight that a UK national was arrested in Nevada, but couldn't comment on why nor on what charges or suspicions. A spokesperson for the FBI field office in Sin City was not available for immediate comment.

It's understood Hutchins, aka MalwareTechBlog on Twitter, was just about to board a flight home to the UK on Wednesday when the Feds swooped and took him away to an undisclosed location. His worried friends say they still have no idea where he is being held nor why.

His pal Andrew Mabbitt, founder of Fidus Information Security, today confirmed that 23-year-old Hutchins had been cuffed by the Feds on August 2. "I'm working on getting a lawyer for @MalwareTechBlog as he has no legal representation and no visitors. I'll be crowdfunding legal fees soon," Mabbitt added.

Hutchins, who works for a US infosec biz from his home in Blighty, was well-liked at the conference, and won praise from such luminaries as car hacker Charlie Miller. The Brit narrowly missed out on winning a Pwnie Award for his work on reverse engineering the WannaCry nasty.

We can only hope Hutchins, while waiting to fly back from his summer break, didn't make an unfortunate joke or three to the US Transportation Security Administration, who lack any modicum of a sense of humor about such things. ®

Updated to add

Hutchins was arrested on suspicion of creating bank-account-raiding malware Kronos, and is being held in the FBI's Las Vegas field office. Also, a hat tip to journo Joseph Cox for breaking the news.

More about


Send us news

Other stories you might like