5 Things to Know About the UK Teen Hacker Charged in $115M Crypto Ransom Spree

Date: 2025-09-19

Teen suspect tied to 120 breaches and $115M in ransom before a UK arrest linked London’s TfL hack to a U.S. court intrusion, uniting the NCA, FBI, and DOJ around Thalha Jubair’s alleged lead role in Scattered Spider.

Federal prosecutors have charged 19-year-old Thalha Jubair, a British national from London, with orchestrating a series of cyberattacks that extorted more than $115 million from American companies and government agencies.

According to an unsealed complaint in the District of New Jersey, Jubair led the hacker collective known as Scattered Spider, which carried out several computer intrusions across the U.S. that disrupted critical services, including portions of the federal court system, and forced victims to pay ransoms to regain access to compromised systems.

On Sept. 16, U.K. authorities arrested Jubair along with another suspect in a separate case involving attempted intrusions into U.K. critical infrastructure, underscoring the group’s transnational footprint.

Jubair’s arrest was a coordinated operation led by the FBI’s Newark Field Office, with assistance from the U.K. National Crime Agency, City of London Police, West Midlands Police, and international partners in the Netherlands, Romania, Canada, and Australia.

Assistant Director Brett Leatherman of the FBI’s Cyber Division said the case shows “no cybercriminal is beyond our reach.”

How Thalha Jubair and the Scattered Spider Group Run Crypto Ransom Operations

Scattered Spider, also tracked under aliases such as Octo Tempest, UNC3944, and 0ktapus, is regarded as one of the most aggressive cybercrime syndicates of recent years. The group is notorious for using sophisticated social engineering tactics to impersonate employees, manipulate IT help desks, and infiltrate corporate systems.

According to the Justice Department, Jubair, who went by online handles including “EarthtoStar,” “Brad,” “Austin,” and @autistic, coordinated with other members to compromise networks, exfiltrate or encrypt sensitive data, and demand ransoms in exchange for secrecy or restoration.

Between 2022 and 2025, the group allegedly carried out at least 120 intrusions, targeting 47 U.S. organizations, and netted over $115 million in ransom payments.

Investigators traced portions of the ransom funds to cryptocurrency wallets controlled by Jubair. In July 2024, U.S. law enforcement seized roughly $36 million in digital assets linked to the group. During that same period, prosecutors say Jubair attempted to move $8.4 million to another wallet, further indicating his role in laundering illicit proceeds.

The indictment charges Jubair with conspiracy to commit computer fraud, two counts of computer fraud, conspiracy to commit wire fraud, two counts of wire fraud, and conspiracy to commit money laundering. If convicted on all counts, he faces a maximum sentence of 95 years in prison.

Here are some key facts about the UK teen hacker charged in the $115M crypto ransom spree:

Who he is: Thalha Jubair, 19, from London, was arrested Sept. 16 in the U.K. and charged in the U.S. with leading cyberattacks tied to $115 million in ransom.

The group: Jubair allegedly led Scattered Spider (also known as Octo Tempest, UNC3944, and 0ktapus), a hacking syndicate infamous for social engineering and corporate intrusions.

The scope: From 2022 to 2025, the group launched at least 120 attacks, hitting 47 U.S. organizations and disrupting services, including the federal court system.

The money: Victims paid over $115 million; investigators seized $36 million in crypto from Jubair’s server in 2024, while he attempted to move another $8.4 million.

The charges: Jubair faces conspiracy, fraud, and money laundering counts carrying up to 95 years in prison.



Crypto Crime Activities Surge in Recent Months

The arrest of 19-year-old British hacker Thalha Jubair shows how cryptocurrencies are increasingly central to cybercrime. In just the first eight months of 2025, hackers have stolen more than $3 billion across 119 incidents, which is already 1.5 times the total losses of 2024, according to Global Ledger.

Criminals now launder stolen funds within seconds, far outpacing the detection capabilities of most exchanges.

August showed the accelerating threat, becoming the third-worst month on record for crypto security. Hackers siphoned $163 million across 16 cases, including a $91.4 million theft from a Bitcoin holder tricked through a social engineering scam, the $54 million BtcTurk breach, and smaller hits at ODIN•FUN, BetterBank.io, and CrediX Finance.

That total surpassed July’s $142 million, with exchanges, DeFi protocols, and individual investors all in the crosshairs.

Governments are now ramping up oversight. The UK and U.S. are preparing a joint framework on digital assets following high-level talks between Chancellor Rachel Reeves and Treasury Secretary Scott Bessent.

Meanwhile, the New York Department of Financial Services has directed banks to integrate blockchain analytics into compliance programs to spot wallet risks.

The private sector is also mobilizing. In August, Coinbase, Binance, PayPal, Robinhood, Kraken, and others launched the Beacon Network, a first-of-its-kind, real-time crime response system that freezes illicit funds before they can be withdrawn.

Backed by TRM Labs and federal agencies, the initiative seeks to disrupt what it calls a $47 billion annual crypto crime economy.

With hackers moving stolen funds in as little as four seconds, 75 times faster than exchange alerts can react, the race between cybercriminals and regulators is reaching new intensity.