The Kimwolf Botnet Mastermind “Dort” Exposed: From Minecraft Cheater to Cybercriminal Kingpin

In a shocking revelation that has sent shockwaves through the cybersecurity community, KrebsOnSecurity has uncovered the identity of “Dort,” the enigmatic figure behind Kimwolf, the world’s largest and most destructive botnet. What began as a story about a critical vulnerability has evolved into a deep dive into the life of a cybercriminal who has graduated from Minecraft cheats to orchestrating devastating attacks on security researchers and journalists alike.

The Rise of a Digital Menace

The saga began in early January 2026 when KrebsOnSecurity published an exposé on Kimwolf, a botnet that had been exploiting a little-known weakness in residential proxy services to infect poorly-defended devices like TV boxes and digital photo frames. The botnet’s creator, Dort, responded with a barrage of distributed denial-of-service (DDoS) attacks, doxing, and email flooding campaigns targeting the researcher who discovered the vulnerability and KrebsOnSecurity’s own Brian Krebs.

But the attacks didn’t stop there. In a chilling escalation, Dort orchestrated a swatting attack against the researcher, causing a SWAT team to be dispatched to their home. This level of aggression and sophistication points to a cybercriminal who is not only technically proficient but also willing to cross ethical and legal boundaries to protect their operations.

Tracing the Digital Footprints

Through meticulous open-source intelligence gathering, KrebsOnSecurity has pieced together a detailed profile of Dort. The investigation reveals that Dort, whose real name is Jacob Butler, is a Canadian national born in August 2003. Butler used various aliases over the years, including “CPacket” and “M1ce,” and was an active member of the Minecraft community, gaining notoriety for their “Dortware” software that helped players cheat.

However, Butler’s activities extended far beyond the realm of gaming. The cyber intelligence firm Intel 471 reports that Butler used the email address [email protected] to create accounts at multiple cybercrime forums between 2015 and 2019, including Nulled and Cracked. These forums are known for facilitating the exchange of hacking tools, stolen data, and other illicit services.

From Minecraft to Cybercrime

Butler’s transition from Minecraft cheater to cybercriminal kingpin is a testament to the evolving nature of cybercrime. According to Flashpoint, Butler was an active participant in the LAPSUS$ cybercrime group’s chat server in March 2022, where they peddled services for registering temporary email addresses and developing CAPTCHA bypass tools. These services were advertised on SIM Land, a Telegram channel dedicated to SIM-swapping and account takeover activity.

In one particularly damning conversation, Butler’s business partner, who went by the handle “Qoft,” bragged about stealing over $250,000 worth of Microsoft Xbox Game Pass accounts by mass-creating Game Pass identities using stolen payment card data. This level of criminal activity demonstrates that Butler is not just a script kiddie but a sophisticated operator with a deep understanding of the cybercrime ecosystem.

The Swatting Incident and Beyond

The swatting attack against the researcher who discovered Kimwolf’s vulnerability is a stark reminder of the real-world consequences of cybercrime. Swatting, the practice of making false reports to law enforcement to provoke a SWAT team response at a target’s home, is a dangerous and potentially deadly form of harassment. The fact that Butler orchestrated such an attack underscores the lengths to which they are willing to go to protect their operations.

In addition to the swatting incident, Butler has been linked to a series of other attacks, including DDoS campaigns, doxing, and email flooding. These attacks have targeted not only the researcher who discovered Kimwolf’s vulnerability but also KrebsOnSecurity’s Brian Krebs and others in the cybersecurity community. The sheer scale and persistence of these attacks suggest that Butler is not acting alone but is part of a larger network of cybercriminals.

The Voice of a Cybercriminal

One of the most compelling pieces of evidence linking Butler to the Dort alias is a voice recording from a September 2022 Clash of Code competition. In the recording, a voice that matches Butler’s can be heard engaging in a cursing tirade and threatening to swat his opponent. This voice is remarkably similar to the one heard in a diss track posted by DortDev, threatening the researcher who discovered Kimwolf’s vulnerability.

When confronted with this evidence, Butler claimed that the voice was not his but rather that of an impersonator using a voice changer. However, this explanation is difficult to reconcile with the fact that Butler’s voice in the phone conversation with KrebsOnSecurity was remarkably similar to the one heard in the Clash of Code recording.

The Human Cost of Cybercrime

The story of Jacob Butler is a cautionary tale about the human cost of cybercrime. Butler’s activities have not only caused significant financial damage but have also put lives at risk. The swatting attack against the researcher who discovered Kimwolf’s vulnerability could have easily resulted in tragedy, and the ongoing harassment of KrebsOnSecurity and others in the cybersecurity community has created a climate of fear and intimidation.

Moreover, Butler’s actions have had a profound impact on his own life. According to Butler, he has struggled with autism and social interaction, and the swatting attacks against his home have left him feeling isolated and afraid. He claims that he has not been online since 2021 and that someone must have compromised his old accounts to impersonate him as Dort.

The Future of Cybercrime

The case of Jacob Butler highlights the evolving nature of cybercrime and the challenges faced by law enforcement and cybersecurity professionals in combating it. As cybercriminals become more sophisticated and brazen, it is clear that traditional approaches to cybersecurity are no longer sufficient. The Kimwolf botnet is just one example of the many threats that organizations and individuals face in the digital age.

To address these challenges, it is essential that we invest in cybersecurity education and awareness, strengthen our legal frameworks, and develop new technologies to detect and mitigate cyber threats. Only by working together can we hope to stay one step ahead of cybercriminals like Jacob Butler and protect the integrity of our digital infrastructure.

Tags:

Kimwolf botnet, Dort, Jacob Butler, cybercrime, swatting, DDoS attacks, doxing, cybersecurity, Minecraft, LAPSUS$, SIM-swapping, CAPTCHA bypass, Microsoft Xbox Game Pass, Intel 471, Flashpoint, Constella Intelligence, DomainTools, Spycloud, Epieos, Synthient, KrebsOnSecurity, Brian Krebs, vulnerability, residential proxy services, digital photo frames, TV boxes, hacking tools, stolen data, illicit services, cybercrime forums, Nulled, Cracked, Discord server, violent threats, personal information, law enforcement, SWAT team, cybersecurity community, open-source intelligence, cyber intelligence, digital footprints, voice recording, Clash of Code competition, diss track, autism, social interaction, online harassment, digital infrastructure, cybersecurity education, legal frameworks, cyber threats, technological innovation.

Viral Sentences:

• “The Kimwolf Botnet Mastermind ‘Dort’ Exposed: From Minecraft Cheater to Cybercriminal Kingpin”
• “Jacob Butler: The Canadian Teen Behind the World’s Largest Botnet”
• “From Minecraft Cheats to Cybercrime: The Rise of Dort”
• “Swatting, DDoS, and Doxing: The Dark Side of Jacob Butler”
• “The Voice of a Cybercriminal: Jacob Butler’s Impersonator or Master Manipulator?”
• “The Human Cost of Cybercrime: Jacob Butler’s Struggle with Autism and Social Interaction”
• “The Future of Cybercrime: Staying One Step Ahead of Jacob Butler and His Ilk”
• “Kimwolf Botnet: A Wake-Up Call for Cybersecurity Professionals Everywhere”
• “The Evolving Nature of Cybercrime: Jacob Butler’s Transition from Gamer to Cybercriminal”
• “The Challenges of Combating Cybercrime: Jacob Butler’s Case Highlights the Need for New Approaches”
• “The Real-World Consequences of Cybercrime: Jacob Butler’s Swatting Attack Could Have Been Deadly”
• “The Cybersecurity Community Under Siege: Jacob Butler’s Harassment of KrebsOnSecurity and Others”
• “The Digital Footprints of a Cybercriminal: Tracing Jacob Butler’s Online Activities”
• “The Impersonation Defense: Jacob Butler Claims His Voice Was Cloned”
• “The Need for Cybersecurity Education: Jacob Butler’s Case Highlights the Importance of Awareness”
• “The Legal Framework for Cybercrime: Jacob Butler’s Case Exposes Gaps in Current Laws”
• “The Technological Innovation Needed to Combat Cybercrime: Jacob Butler’s Kimwolf Botnet is Just the Beginning”
• “The Integrity of Our Digital Infrastructure: Jacob Butler’s Actions Threaten the Security of Us All”
• “The Cybersecurity Community’s Response to Jacob Butler: A Call to Action”
• “The Future of Cybersecurity: Learning from Jacob Butler’s Case to Stay Ahead of Cybercriminals”

,