Tech: The online fundraiser for WannaCry ‘hero’ Marcus Hutchins had to block $150,000 in donations

Security researcher Marcus Hutchins.

An online legal defence fund for Marcus
Hutchins, the 23-year-old British security researcher who halted the
WannaCry cyberattack and was arrested in the US by the FBI, is refunding anyone who donated by credit card.

The refunds come after Tor Ekeland, the New York-based defence lawyer
who hosted the fundraiser, spotted that multiple payments had been made
using fake or stolen credit card details.

Ekeland didn’t say how much had been raised to date, but told
Business Insider his payment processor had blocked “at least” $150,000
(£116,000) in suspicious-looking donations.

Ekeland returned from a three-week trip to Norway on Thursday night
and went through all the payments to find any remaining suspicious
donations. He caught a further $4,900 (£3,800) in fake-looking transfers
and decided it was easier just to give back all the money.

“It felt safer just to refund everybody,” he said. “The payment
processor blocked about 95%, and when I went through last night, I found
a few more. Like this one guy’s card got charged eight times — I don’t
think he was making eight donations over two days of $400.”

The fundraiser was launched earlier in August by two security researchers,
Tarah Wheeler and Andrew Mabbs, after Hutchins was unexpectedly
arrested by the FBI after the DefCon security conference in the US. He
has been charged on six counts of creating the malware that would
eventually become the Kronos banking trojan. He has denied the charges
and, while normally based in Devon, he remains in the US while he
fights his case. Hutchins was widely hailed as a hero after halting the
devastating WannaCry attack earlier this year.

BuzzFeed reported last week that his fundraiser would be shut down
after a flurry of fake credit card donations. The original plan had
been to sort the fake donations from the real ones, and use the genuine
funds to pay for Hutchins’ legal fees and donate to the Electronic
Frontier Foundation, which campaigns for digital rights.

But Ekeland said: “I didn’t want the chance that we had taken money someone didn’t donate.”

Anyone who has been refunded but still wants to contribute to
Hutchins’ defence fund will now need to wait for a second fundraiser,
which is being organised by security researcher Tarah M. Wheeler and
Fidus Security founder Andrew Mabbs.

Wheeler tweeted: “The new @MalwareTechBlog crowdfunding campaign will start next week; @MabbsSec & I thank you for your patience as we do this right!”


Please enter your comment!
Please enter your name here