In a story that reads like a modern-day digital thriller, a new report by Outpost24, authored by Kraken Labs, has pulled back the curtain on a cybercriminal living a double life. Known under the pseudonym EncryptHub in the dark corners of the cyber underworld and as SkorikARI in the realm of ethical hacking, this individual is linked to breaching 618 organizations with ransomware and information-stealing malware—all while simultaneously earning acknowledgments from Microsoft for responsibly disclosing vulnerabilities through its bug bounty program.
This case is more than a story of cybercrime—it’s a cautionary tale about operational security, the blurred lines between white-hat and black-hat hacking, and the unintended enabling role of AI tools like ChatGPT in the hands of ambitious threat actors.
The Bug Hunter Turned Hacker
The individual behind EncryptHub started on a path familiar to many in tech: self-taught, ambitious, and eager to break into the cybersecurity industry. Freelancing as a developer, he eventually turned to bug bounty platforms to earn a legitimate income. However, limited success pushed him toward a darker avenue—cybercrime.
Rather than abandoning his legitimate aspirations, he juggled both lives. By day, he reported vulnerabilities; by night, he unleashed malware. This duality is nowhere more evident than in his 2025 disclosures of CVE-2025-24061 (a Mark of the Web bypass) and CVE-2025-24071 (a File Explorer spoofing vulnerability), both addressed by Microsoft and credited to “SkorikARI with SkorikARI”—a name now inseparable from EncryptHub.
The Smoking Gun: Poor OpSec and AI Confessions
Despite his technical prowess, EncryptHub’s downfall came from poor operational security (OpSec)—a recurring irony among technically gifted threat actors. According to Kraken Labs, the unraveling of his identity began with password reuse. An exfiltrated file revealed that 82 of 200 stolen credentials had nearly identical passwords with minor variations.
These sloppy password practices gave researchers direct access to:
- EncryptRAT Command-and-Control servers
- Bulletproof hosting panels
- Cryptocurrency exchanges
- SSL certificate portals
- Domain registrars
Even more damning was his blending of personal and criminal identities:
- Reused personal and criminal usernames and passwords
- Managed hacking infrastructure with personal email accounts
- Used the same system for both malware development and personal activity
- Repurposed legitimate development infrastructure for criminal use
But the most revealing leak? His ChatGPT history.
ChatGPT: The Inadvertent Accomplice
Security researchers unearthed thousands of messages exchanged between EncryptHub and ChatGPT. These conversations served as a goldmine of evidence—not only confirming the link between EncryptHub and SkorikARI, but also detailing the technical and philosophical journey of a conflicted hacker.
ChatGPT reportedly helped EncryptHub:
- Develop infrastructure: Telegram bots, C2 servers, phishing sites, .onion services
- Write malware: Custom stealers, clippers, loaders
- Learn new skills: REST APIs, macOS app development, PowerShell scripting in Go
- Optimize and understand malware code from other developers
- Create phishing lures with greater psychological impact
Remarkably, EncryptHub also used the AI tool as a sort of confessional. He debated the morality of his actions, lamented industry bias, and asked for help on how to pivot from cybercrime to running a legitimate cybersecurity firm.
The Human Element: Ambition, Conflict, and Consequences
Behind the exploits lies a human story—one of ambition, failure, reinvention, and contradiction. This individual is not a typical faceless adversary. He is a reflection of the complexity of the cybersecurity world, where the same skills that protect can also be used to exploit.
He represents a new breed of threat actor—technically sophisticated but emotionally torn, capable of doing good but drawn into cybercrime by the lure of faster returns and a lack of recognition from the legitimate world.
Lessons from the EncryptHub Case
The report closes with a sobering message: no matter how talented or technically gifted a hacker is, basic mistakes can destroy even the most carefully crafted façade.
Key takeaways include:
- Operational Security Is Critical: Reusing passwords, devices, and infrastructure is a recipe for exposure.
- AI Tools Are Double-Edged Swords: ChatGPT provided technical assistance, but also became a digital diary of criminal activity.
- Intentions Don’t Erase Actions: Even though EncryptHub tried to “go legit,” his actions harmed hundreds of organizations.
- Security Awareness Still Works: The report concludes with a powerful reminder: “The most complex 0-day exploit is useless against a user that knows better than download a suspicious executable from a shady site.”
- The Cybersecurity Industry Must Bridge the Gap: When talented individuals turn to crime due to a lack of opportunity or recognition, it highlights a systemic issue in how talent is identified, nurtured, and rewarded.
Final Thoughts: Talent Misguided, Not Lost
EncryptHub’s double life is now public, and his reputation in both the cybercriminal and white-hat communities will never be the same. But his story is not entirely one of failure. It’s a harsh reminder that brilliance without boundaries can be both dangerous and tragic.
As the cybersecurity world absorbs the implications of this case, it should also ask: how many others like EncryptHub are out there, walking the line between ethical hacking and digital destruction?