FBI arrests UK security researcher who stopped WannaCry outbreak (updated)

Security researcher Marcus Hutchins was in Las Vegas, attending the Def Con security conference.

Bloomberg via Getty Images

Marcus Hutchins, the 23-year-old security researcher who is credited with halting the spread of the WannaCry malware program earlier this year has been arrested by the FBI while attending the Def Con security conference in Las Vegas, Motherboard reports.

This is a developing story and details remain scarce as of the publication of this post, however The Telegraph states that "UK law enforcement and security agencies confirmed a British citizen has been arrested" as part of an ongoing FBI investigation.

Hutchins was hailed as a hero in May when he found the kill switch to the WannaCry virus, a malware program that had infected vulnerable targets across Europe and Asia, including the UK's National Health Service and a Spanish telecommunications company. Hutchins, who works for Kryptos Logic, halted the virus' spread by registering a web domain that the program's code relied on.

Motherboard reports that as of early Thursday morning Hutchins was being held in the Henderson Detention Center in Nevada, however, he was later moved to an undisclosed location. "I've spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we've been trying to get in contact with Marcus for 18 hours and nobody knows where he's been taken," an unnamed friend of Hutchins told Motherboard. "We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare."

Engadget has reached out to Kryptos Logic and the FBI for comment. This story will be updated as they reply.

Update (2:29 PM ET): Hutchins has reportedly been located and is being held at the FBI's Las Vegas field office.

Update (2:45 pm EDT): The Department of Justice has just announced that Hutchins is in custody for "his role in creating and distributing the Kronos banking Trojan." According to the DoJ, between July 2014 and July 2015 Hutchins developed the malware and shared it online.