FBI identifies notorious IntelBroker using bitcoin wallet records

The notorious cyber-criminal known as IntelBroker has been revealed as a 25-year-old British national named Kai West, according to newly released court documents. West, who was also operating under the alias Kyle Northern, is believed to have breached computer systems of over 40 victims worldwide, resulting in significant damages estimated to be at least $25 million. The criminal activity spanned from December 2022 until West’s apprehension in France in February 2025.

The indictment against West, filed in court and unsealed recently, outlines four charges related to unauthorized access to companies’ computer systems as part of a long-running scheme. One such incident involved the theft and deletion of data in January 2023, resulting in damages of over $5,000. On the same day, West, using the IntelBroker moniker, reportedly attempted to sell the stolen files.

In another instance in March 2023, West and his accomplices breached a medical services provider’s system, stealing patient data that impacted patient care services significantly. Among the high-profile victims linked to IntelBroker are companies like Nokia, HPE, Europol, Home Depot, AMD, Apple, and the US Army.

Following the data thefts, West and his group would advertise the sensitive information for sale on BreachForums, a notorious cybercrime platform for trading in stolen data. West is alleged to have also operated as an administrator on BreachForums, managing illicit activities on the platform. Earlier this week, authorities in Paris arrested four other forum administrators, identified by their online handles Hollow, Noct, Depressed, and ShinyHunters.

The FBI, in a criminal complaint also disclosed recently, shared how they managed to trace the IntelBroker alias back to West. Through undercover operations and purchasing a stolen API key that provided unauthorized access to a website, agents were able to link a bitcoin wallet address registered by West to the stolen data transactions. The wallet was connected to a previous Ramp account associated with a UK driver’s license under the name of “Kai Logan West.” This driver’s license was further traced to a Coinbase account registered under the alias “Kyle Northern,” linked to West’s personal email address.

It was revealed that West had used the same email address to browse and post videos on YouTube related to their activities on BreachForums. Additionally, the FBI uncovered that West had watched videos about IntelBroker and their victims using the same email address.

The US government is seeking West’s extradition, as he faces potential 20-year sentences for two of the charges levied against him. Overall, the intricate investigation by the FBI and law enforcement agencies highlights the complex and evolving nature of cybercrime in the digital age.