Hutchins was arrested in Las Vegas after attending the Black Hat and Defcon security conferences. His Twitter account, which is typically abuzz, went silent after he posted a number of tweets from the local airport indicating his eagerness to return home.
Sold for as much as $7,000 at one point, a premium price tag for this type of malware, the Kronos Trojan claimed to be able to evade anti-virus software in an effort to steal banking customers' credentials and other personal information. The federal indictment Wednesday said that Hutchins and an unnamed associate began offering the Kronos malware publicly in August 2014.
Hutchins earned widespread acclaim this year for his high-profile role in thwarting the WannaCry ransomware, which seized control of thousands of PCs around the world and locked them down unless their owners agreed to pay a fee. While analyzing WannaCry's code, Hutchins discovered a flaw: The malware contained a kill switch that could be activated simply by controlling a specific website. For about $10, Hutchins purchased the rights to the domain, and experts credited the move with preventing WannaCry from spreading as quickly as it could have.
The act generated a deluge of media attention for Hutchins, who sought to back away from the limelight. But now, it appears he may be at the center of a whole new public drama.