An online legal defence fund for Marcus Hutchins, the 23-year-old British security researcher who halted the WannaCry cyberattack and was arrested in the US by the FBI, is refunding anyone who donated by credit card.
The refunds come after Tor Ekeland, the New York-based defence lawyer who hosted the fundraiser, spotted that multiple payments had been made using fake or stolen credit card details.
Ekeland didn’t say how much had been raised to date, but told Business Insider his payment processor had blocked “at least” $US150,000 (£116,000) in suspicious-looking donations.
Ekeland returned from a three-week trip to Norway on Thursday night and went through all the payments to find any remaining suspicious donations. He caught a further $US4,900 (£3,800) in fake-looking transfers and decided it was easier just to give back all the money.
“It felt safer just to refund everybody,” he said. “The payment processor blocked about 95%, and when I went through last night, I found a few more. Like this one guy’s card got charged eight times — I don’t think he was making eight donations over two days of $US400.”
The fundraiser was launched earlier in August by two security researchers, Tarah Wheeler and Andrew Mabbs, after Hutchins was unexpectedly arrested by the FBI after the DefCon security conference in the US. He has been charged on six counts of creating the malware that would eventually become the Kronos banking trojan. He has denied the charges and, while normally based in Devon, he remains in the US while he fights his case. Hutchins was widely hailed as a hero after halting the devastating WannaCry attack earlier this year.
BuzzFeed reported last week that his fundraiser would be shut down after a flurry of fake credit card donations. The original plan had been to sort the fake donations from the real ones, and use the genuine funds to pay for Hutchins’ legal fees and donate to the Electronic Frontier Foundation, which campaigns for digital rights.
But Ekeland said: “I didn’t want the chance that we had taken money someone didn’t donate.”
Anyone who has been refunded but still wants to contribute to Hutchins’ defence fund will now need to wait for a second fundraiser, which is being organised by security researcher Tarah M. Wheeler and Fidus Security founder Andrew Mabbs.