back to top
World

Fraud Forces WannaCry Hero's Legal Fund To Refund All Donations

The lawyer managing fundraising for Marcus Hutchins' legal defense decided it was easier to refund all donations than figure out which ones were legitimate.

Posted on
Joshua Lott / AFP / Getty Images

Marcus Hutchins, the British cybersecurity expert accused of creating and selling malware that steals banking passwords, arrives at the federal courthouse in Milwaukee for his Aug. 14 arraignment.

The vast majority of money raised to pay for the legal defense of beloved British cybersecurity researcher Marcus Hutchins was donated with stolen or fake credit card numbers, and all donations, including legitimate ones, will be returned, the manager of the defense fund says.

Lawyer Tor Ekeland, who managed the fund, said at least $150,000 of the money collected came from fraudulent sources, and that the prevalence of fraudulent donations effectively voided the entire fundraiser. He said he'd been able to identify only about $4,900 in legitimate donations, but that he couldn't be certain even of those.

“I don’t want to take the risk, so I just refunded everything,” he said.

“One person had five different charges to his account,” Ekeland told BuzzFeed News. “Odd numbers, the kind you’ll glance over when looking at your bill.”

Ekeland said he's still determining what to do with a bitcoin wallet set up to take donations for Hutchins, which has received 96 small donations, worth a total of about $3,400.

Hutchins, 23, became famous in May when he stopped the global WannaCry ransomware attack by obtaining and examining its code, then registering a URL that functioned as a kill switch. Before Hutchins acted, the WannaCry ransomware had frozen tens of thousands of computers, including many in the United Kingdom's National Health Service.

In early August, after Hutchins traveled with friends to Las Vegas for a cybersecurity conference, the FBI arrested him on charges he created the Kronos Trojan that targeted bank accounts. A shocked community of cybersecurity researchers rallied behind him and tried to raise money for experienced attorneys. Ekeland stepped in to host the fundraiser after GoFundMe refused to host it, citing its terms of service.

Hutchins, who pleaded not guilty to all six charges against him on Aug. 14, has retained Brian Klein, a Los Angeles-based trial lawyer, and Marcia Hofmann, an acclaimed expert on US hacking laws, as his attorneys. A judge told him he could not return to the UK before his trial, scheduled for October, but that he could stay in LA in the meantime.

Tarah Wheeler, a friend of Hutchins, previously told BuzzFeed News that she planned to set up a new legal defense fund for him, but did not immediately respond to request for comment for this story.

Ekeland said he believes he has refunded every donation to the fund, but that anyone who hasn’t heard from him can email info@torekeland.com for their refund.

CORRECTION

Marcia Hofmann's name was misspelled in a previous version of this post.

Kevin Collier is a cybersecurity correspondent for BuzzFeed News and is based in New York.

Contact Kevin Collier at kevin.collier@buzzfeed.com.

Got a confidential tip? Submit it here.