A 23-year-old British national, Kai Logan West, better known online as “IntelBroker”, has been charged with orchestrating a wave of high-profile data breaches that inflicted at least $25 million in damages worldwide. Arrested in France in February 2025, West now faces extradition to the United States, where he is expected to stand trial in the Southern District of New York.
The dramatic unmasking of IntelBroker, who gained infamy across dark web forums for selling stolen data from government agencies, telecoms, and healthcare providers, is detailed in an unsealed federal complaint. It reveals how FBI agents connected West’s cyber alias to his real identity through meticulous crypto tracing, undercover purchases, and his own careless online habits.
A Two-Year Hunt Across the Dark Web
IntelBroker rose to prominence on BreachForums, an underground marketplace for stolen data known in court documents as “Forum-1.” Operating under pseudonyms like “IntelBroker” and “Kyle Northern,” West authored 158 threads selling hacked databases between 2023 and 2025, with at least 41 targeting US companies.
In 2024, he was listed as the owner of Forum-1, cementing his status as a central player in cybercrime circles. West and members of his crew, CyberN, previously called “The Boys,” routinely offered databases from government and corporate victims, soliciting payments largely in Monero.
Following the Money: Crypto Wallets and KYC Trails
The FBI’s investigation hinged on a January 2023 transaction, when an undercover agent purchased stolen login credentials from IntelBroker. Unlike his usual Monero payments, IntelBroker accepted Bitcoin, providing a wallet address that agents traced back through blockchain analysis.
That wallet had been funded by another account linked to a Ramp exchange registration under Kai Logan West’s UK provisional driving licence. Investigators then uncovered West’s Coinbase account, also under the alias Kyle Northern but with Know Your Customer (KYC) information directly identifying him as Kai West.
“Even in the world of cryptocurrency, a slip in operational security can open a door straight to an investigator,” an FBI spokesperson said, describing how West’s crypto mistakes were instrumental in confirming his identity.
Email Evidence and YouTube Missteps
Beyond the blockchain, FBI analysts pieced together West’s digital footprint through his Gmail account. Stored selfies, receipts, and university housing documents tied the account to his real name. His student certificate from a UK cybersecurity programme further solidified the connection.
But it was his reckless browsing behaviour that gave investigators additional leads: IntelBroker frequently referenced YouTube videos in his dark web posts that matched videos watched from his personal Gmail account, creating a direct link between his public persona and private life.
As Forum-1 evolved and relaunched following takedowns, West’s updated signature blocks carried over to old posts, offering a continuous trail of his activity dating back to early 2023.
High-Profile Victims and Damages
According to the indictment, West’s hacking campaigns affected numerous organisations. Victim-1, a New York-based telecom provider, suffered data deletion from its Manhattan server, incurring losses in the hundreds of thousands.
Victim-3, a municipal healthcare provider, saw the theft of sensitive data for more than 56,000 patients, which West sold to an undercover agent for $1,000 in Monero. Victim-6, an ISP, fell to a breach leveraging information obtained from previous leaks.
West’s strategy of offering proof samples and negotiating prices via private messages allowed him to build credibility and attract buyers but ultimately left a paper trail that agents used to secure charges.
Charges and Potential Sentence
West faces four federal charges: wire fraud, conspiracy to commit wire fraud, conspiracy to commit computer intrusions, and accessing a protected computer to defraud. Each charge carries the potential for years in prison, especially given the scope of his activities and the involvement of healthcare data.
Special Agent Carson Hughes and US Attorney Jay Clayton emphasised the global threat IntelBroker posed. “This arrest is a warning to cybercriminals everywhere: anonymity online is not invincibility,” Hughes said.
A Mysterious NCA Connection?
Intriguingly, West’s LinkedIn profiles claimed he was briefly a security researcher trainee at the UK’s National Crime Agency in 2019, raising questions about his early exposure to cybersecurity practices. The National Crime Agency has not commented, and the accuracy of this claim remains unverified.
Awaiting Extradition
West is currently detained in France as the US seeks extradition. Forum-1 has been offline since April 2025, reportedly following a zero-day exploit, but many of its former members have migrated to other cybercrime platforms.
The FBI’s combination of undercover work, blockchain forensics, and careful analysis of seemingly mundane online behaviour led to the unmasking of one of the dark web’s most notorious figures, offering a stark reminder that the digital breadcrumbs of even the most careful criminals can, eventually, lead to their downfall.