In a startling revelation that reads like a cybersecurity thriller, a new report by Outpost24’s Kraken Labs has unmasked the double life of an enigmatic figure in the cyber underworld: EncryptHub. Behind the pseudonym lies a paradoxical figure—part-time bug bounty hunter and full-time threat actor responsible for breaching over 618 organizations with ransomware and information stealers.
This investigation exposes not just a threat actor’s exploits, but also the psychological tug-of-war between ethical aspiration and criminal seduction in the cybersecurity world.
Who is EncryptHub?
EncryptHub is no ordinary cybercriminal. While most threat actors remain faceless and silent, EncryptHub took a different path. He is believed to be the same individual as “SkorikARI”, a name acknowledged by Microsoft for reporting two critical vulnerabilities:
- CVE-2025-24061: Mark of the Web Bypass
- CVE-2025-24071: File Explorer Spoofing Vulnerability
Both flaws were patched during Microsoft’s March 2025 Patch Tuesday, but what made them exceptional was not just their technical severity, but who discovered them—the same person behind a major wave of cyberattacks.
The Journey From Developer to Double Agent
EncryptHub’s journey is one that mirrors the struggles of many aspiring developers. He began as a self-taught coder, freelancing in app and web development. Seeking financial stability, he turned to bug bounty programs, but when those failed to yield consistent rewards, he pivoted to cybercrime in 2024.
Yet, the pivot wasn’t complete. Even while deploying ransomware and data stealers, he continued submitting vulnerabilities to Microsoft. His two sides—the ethical bug hunter and the black hat hacker—operated in parallel, until poor operational security unraveled the whole facade.
OPSEC Failures: How He Got Caught
What ultimately led to his exposure wasn’t elite hacking or deep forensics. It was sloppy digital hygiene. Researchers uncovered a trove of self-incriminating behaviors:
- Password Reuse: Out of 200 accounts, 82 had nearly identical passwords with only minor variations.
- Poor Complexity: Most passwords lacked complexity or were easy to brute-force.
- Infrastructure Cross-Pollination: Domains and servers used for legitimate work were also linked to criminal activity.
- Shared Accounts and Systems:
  - Personal and criminal accounts used the same devices.
  - Same IPs and systems used to log in to both personal emails and command-and-control servers.
  - Domains, emails, and registrars overlapped.
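The two OPSEC findings above, near-identical passwords across many accounts and the same IPs appearing in both personal and criminal logins, are exactly what an investigator (or an internal security team auditing its own credential store) looks for when correlating identities. The following Python is an added example, not code from the Outpost24 report or from Kraken Labs: it scores password pairs with normalized Levenshtein distance to flag trivial variations, and maps login IPs to the contexts that used them. The account records, passwords, and IP addresses (RFC 5737 documentation ranges) are all constructed for the example.

```python
"""
Credential-hygiene audit (added example, not from the report).

Two checks mirroring the OPSEC failures in the article:
  1. near-duplicate passwords ("Winter2024!" vs "Winter2025!")
  2. infrastructure overlap: one IP used by accounts in different contexts
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample records; names, passwords and IPs are invented.
SAMPLE_ACCOUNTS = [
    {"account": "dev-github", "password": "Winter2024!",
     "context": "personal", "login_ips": ["203.0.113.7"]},
    {"account": "dev-email", "password": "Winter2025!",
     "context": "personal", "login_ips": ["203.0.113.7", "198.51.100.4"]},
    {"account": "c2-panel", "password": "Winter2024!!",
     "context": "flagged", "login_ips": ["203.0.113.7"]},
    {"account": "registrar", "password": "xq7#Lm9p$Tz2",
     "context": "flagged", "login_ips": ["192.0.2.55"]},
    {"account": "forum", "password": "correct-horse-battery",
     "context": "personal", "login_ips": ["198.51.100.4"]},
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) via the classic row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalized_distance(a: str, b: str) -> float:
    """Distance scaled to [0, 1] by the longer string, so 0.0 means identical."""
    longest = max(len(a), len(b)) or 1
    return levenshtein(a, b) / longest


def find_password_variants(accounts, threshold: float = 0.3):
    """Return (account_x, account_y, distance) for every pair whose passwords
    differ by at most `threshold` of their length, i.e. trivial variations."""
    hits = []
    for x, y in combinations(accounts, 2):
        d = normalized_distance(x["password"], y["password"])
        if d <= threshold:
            hits.append((x["account"], y["account"], round(d, 2)))
    return hits


def find_shared_infrastructure(accounts):
    """Map each login IP to the set of contexts that used it and return only
    the IPs shared across more than one context (the cross-pollination case)."""
    ip_contexts = defaultdict(set)
    for acct in accounts:
        for ip in acct["login_ips"]:
            ip_contexts[ip].add(acct["context"])
    return {ip: sorted(ctx) for ip, ctx in ip_contexts.items() if len(ctx) > 1}


def run_audit(accounts=SAMPLE_ACCOUNTS):
    """Bundle both checks so a caller gets one report dict."""
    return {
        "password_variants": find_password_variants(accounts),
        "shared_ips": find_shared_infrastructure(accounts),
    }


if __name__ == "__main__":
    report = run_audit()
    for x, y, d in report["password_variants"]:
        print(f"near-duplicate password: {x} <-> {y} (distance {d})")
    for ip, contexts in report["shared_ips"].items():
        print(f"IP {ip} used by contexts: {', '.join(contexts)}")
```

On the constructed data the audit flags the three "Winter…" accounts as a single password family and reports 203.0.113.7 as an IP shared between the personal and flagged contexts; the unrelated random and passphrase-style passwords stay below the threshold. The 0.3 cutoff is a tunable assumption, not a value from the report.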
ChatGPT: The Unwitting Accomplice
Perhaps the most ironic and damning evidence came from a familiar tool: ChatGPT.
Researchers discovered chat logs where the individual used ChatGPT for a variety of malicious and non-malicious purposes:
- Developing C2 infrastructure, Telegram bots, phishing sites, and .onion services
- Writing malware: clippers, cookie stealers, and PowerShell droppers
- Learning and optimizing code: asking ChatGPT to explain APIs, troubleshoot errors, or integrate snippets
- Crafting phishing lures
- Even asking philosophical questions about being a white-hat or black-hat hacker
What’s striking is how ChatGPT was used not as a weapon, but as a digital confidant—a partner in crime that also served as a sounding board for existential rants about the cybersecurity industry.
Ethics and Identity: A Conflict of Hats
Despite being responsible for malware campaigns and massive breaches, EncryptHub continued pursuing his dream of becoming a respected security researcher. He celebrated Microsoft’s acknowledgment of his bug reports—even as his own malware was active in the wild.
This inner conflict raises essential questions:
- Can someone straddling both sides of the law ever be trusted?
- Is the cybersecurity industry too rigid to support gifted but morally ambiguous researchers?
- Should platforms like ChatGPT have better safeguards against criminal use?
Lessons for the Cybersecurity World
The EncryptHub story is a cautionary tale, not just about individual downfall but about the human flaws behind digital threats. Some key takeaways include:
Operational Security Matters
Even the most sophisticated actor can be undone by reused passwords and mixed personal-criminal activity.
AI Tools Are Double-Edged Swords
ChatGPT, while an incredible resource for learning, can inadvertently become a cybercrime enabler in the wrong hands.
Ethical Gray Zones Need Better Frameworks
The industry might need to rethink how it nurtures ethical hacking talent before those researchers feel forced to turn rogue.
Security is Still in the Hands of the User
As Outpost24’s report concludes:
“The most complex 0-day exploit is useless against a user that knows better than to download a suspicious executable from a shady site.”
Final Thoughts
EncryptHub is a brilliant yet conflicted individual—a symbol of how cyber talent can drift between good and evil. His downfall wasn’t due to law enforcement crackdowns or brilliant forensics, but fundamental errors in personal security. His greatest weapon—intelligence—was also his biggest liability.
As cybersecurity continues to evolve, the lines between hacker and researcher, threat and hero, will grow ever blurrier. The EncryptHub saga forces us to ask: Who are we empowering, and who are we ignoring in the shadows?