A cybercriminal known as “IntelBroker”—real name Kai West—has been arrested, unmasked, and charges have been filed in New York alleging millions of dollars in damages. It was a single Bitcoin payment, out of his usual Monero-only operation, that unraveled his network of dark web data trafficking. Here’s how law enforcement pieced it all together.
From Monero to Bitcoin: A Fatal Slip
West, a government national and cybersecurity student, operated exclusively using Monero (XMR) because it is a privacy-enabled cryptocurrency preferred by hackers because of the anonymity. From the end of 2022 to the beginning of 2025, West was the leader of the hacker group “CyberN…” and posted on BreachForums advertisements to sell stolen data with a minimum of 158 advertisements to sell information which was free and was sold for Monero.
Although West used Monero for his operations, in January, 2023, he made a significant error: he accepted Bitcoin when an undercover FBI agent offered to exchange credential access to an API in exchange for $250 worth of Bitcoin. That small diversion resulted in the beginning of a downward spiral that revealed his elaborate operation.
Blockchain Breadcrumbs
Bitcoin transactions are open and traceable. After the payment, investigators followed West’s Bitcoin wallet to a Ramp exchange account that required identity verification. The Ramp account was created under a UK provisional driver’s license which connected the crypto trail to Kai Logan West. Additional blockchain forensic investigations traced the disposal actions back to a Coinbase account owned by an alias of “Kyle Northern” and his KYC documentation matched West.
Digital Traces and Forum Activities
In addition to cryptocurrency, West left digital blunders across his whole digital life. His IP addresses, email accounts, and even YouTube watch history matched between his private accounts and the IntelBroker alias. He sometimes claimed to be Russian or Serbian in forum posts, but English-language patterns in his writing revealed his true identity.
Scope of the Criminal Operation
West’s charges include conspiracy to commit computer intrusions, wire fraud, and unauthorized access—a total of four counts carrying up to 50 years behind bars. Prosecutors estimate that he caused over $25 million in damages while selling stolen data valued at more than $2 million.
His victims spanned U.S. telecom providers, healthcare systems, and government entities. Leaked data included customer records, health information for over 50,000 Americans, and administrative credentials. Between January 2023 and February 2025, he listed at least 41 paid data deals plus around 117 free leaks or credit offers on BreachForums.
International Pursuit & Extradition
West was arrested in France in February 2025. Alongside four accomplices linked to BreachForums, he is now subject to a U.S. extradition request from the Southern District of New York. He is expected to appear before a U.S. magistrate later this month.
Crypto Crime and Privacy Coins Under Scrutiny
Monero’s strong anonymity features—ring signatures, stealth addresses, confidential transaction amounts—have made it the preferred currency for illicit markets. But regulators are now targeting privacy coins; several major exchanges delisted Monero last year, and the EU is considering a ban.
FBI Assistant Director Christopher Raia stated, “This should serve as a warning: you can’t hide behind a keyboard—FBI will track you down no matter where.” U.S. Attorney Jay Clayton echoed that message, emphasizing the global pursuit of cybercriminals.
Conclusion
Kai West’s case highlights both the power and limits of privacy tools like Monero. One slip—accepting Bitcoin—became the digital thread law enforcement pulled to unravel an international cybercrime ring. As regulators intensify focus on privacy coins, this case may mark a turning point in tracing dark web transactions and bringing perpetrators to justice.
