Gabriel Kimiaie Asadi Bildstein

Last updated
Gabriel Kimiaie Asadi Bildstein
Born (1999-07-11) July 11, 1999 (age 26)
Tarbes, France
Other namesKuroi'SH, Nclay
Known forAlleged involvement in high-profile cyberattacks associated with hacking groups ShinyHunters and GnosticPlayers.

Gabriel Kimiaie Asadi Bildstein (born July 11, 1999, in Tarbes, France) is a French individual alleged to have participated in a series of high-profile cyberattacks under the pseudonyms Kuroi'SH and Nclay and as a member of the hacking groups GnosticPlayers and ShinyHunters. [1] He has been linked to cybersecurity breaches involving NASA, Google Brazil, Vevo, Coinrail, GateHub, and Canva. [2] [3] Although he has been indicted in both France and the United States, he has not been convicted. His diagnosis of Asperger syndrome has reportedly influenced legal assessments of criminal responsibility. [4]

In 2015, Bildstein allegedly participated in the defacement of subdomains belonging to NASA and Google Brazil under the alias "Kuroi'SH". Messages such as "Hacked by Kuroi'SH" appeared on the compromised pages. [5] The campaign was attributed to a group calling itself "The Intrud3rs". [6]

In May 2018, he and another individual using the alias "Prosox" were involved in defacing the Vevo YouTube channel, altering popular music videos, including Luis Fonsi's Despacito . [7] The attack changed the titles, descriptions, and thumbnails of the videos to reflect messages attributed to Kuroi'SH and Prosox. [8] Both individuals were later arrested and charged in France. [9]

Bildstein was linked to the June 2018 breach of Coinrail, a South Korean cryptocurrency exchange. Approximately $40 million in cryptocurrency was stolen. [10] He reportedly admitted involvement to French investigators in 2021 and was indicted in connection with the hack in 2025. [11]

Bildstein is believed to have been a key member of the hacking group "GnosticPlayers", [12] which claimed responsibility for breaches affecting companies including Canva, MyFitnessPal, Zynga, MyHeritage, and Dubsmash. [13]

In 2019, Bildstein was allegedly involved in the theft of more than $9.5 million in XRP tokens from the GateHub platform. [14] Authorities seized multiple luxury vehicles from his home in Tarbes. [15] He was arrested and charged in France. [16]

Bildstein is also suspected of involvement with the group ShinyHunters, linked to data breaches of Microsoft, AT&T, and Ticketmaster. [17] In 2022, French police raided his home in Tarbes. [18] He was questioned by FBI agents and later indicted by the United States Department of Justice for conspiracy to commit computer intrusion. [19] Due to France's policy of not extraditing its nationals, it is unlikely he will be tried in the U.S. [20]

References

  1. "Cryptomonnaie : Kuroi-SH, le Machiavel français du Web". Paris Match (in French). 29 May 2025.
  2. "Piratage de la NASA : Google communique au FBI les infos d'un jeune francophone". Zataz (in French).
  3. Warren, Tom (10 April 2018). "Vevo's YouTube account hack hits popular music videos, causes biggest video ever to disappear". The Verge .
  4. Gautronneau, Vincent; Pham-Lê, Jérémie (17 July 2020). "Cybercasse du siècle : YouTube, Nasa… l'impressionnant palmarès des deux pirates français". Le Parisien (in French).
  5. Paganini, Pierluigi (18 September 2017). "The hacker Kuroi'SH defaced the official Google Brazil domain". Security Affairs.
  6. "Muslim Hacking Crew The Intrud3rs Attacks, Defaces NASA sites, French Universities". The Cryptosphere. 20 October 2015.
  7. "Des pirates s'en prennent à des vidéos sur internet, dont "Despacito"". Le Point (news magazine) (in French). 10 April 2018.
  8. "Despacito YouTube music video hacked plus other Vevo clips". BBC News . 10 April 2018.
  9. Paganini, Pierluigi (10 April 2018). "Top VEVO Music videos Including 'Despacito' defaced by hackers". Security Affairs.
  10. Kollewe, Julia (11 June 2018). "Bitcoin price plunges after cryptocurrency exchange is hacked". The Guardian .
  11. Bancal, Damien. "Gabriel Kimiaie Asadi-Bildstein, l'insaisissable hacker français aux millions évaporés". Zataz (in French).
  12. "The Dark Overlord Cyber Investigation Report" (PDF). Night Lion Security. Archived (PDF) from the original on Dec 11, 2023.
  13. Cimpanu, Catalin. "Hackers steal $9.5 million from GateHub cryptocurrency wallets". ZDNet.
  14. "Le hacker tarbais réalise un cybercasse à 8 M€ !". La Dépêche du Midi (in French).
  15. "Hautes-Pyrénées : à 21 ans, il est mis en examen pour un cyberbraquage à plus de 8 millions d'euros". France 3 Occitanie (in French). 17 July 2020.
  16. Bancal, Damien. "Gabriel Kimiaie Asadi-Bildstein, l'insaisissable hacker français aux millions évaporés". Zataz.com (in French).
  17. Zetter, Kim (2024-06-17). "Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake". Wired. ISSN   1059-1028.
  18. "Who are the ShinyHunters, the hacker group a Frenchman wanted by the FBI is suspected of belonging to?". Le Monde . 5 August 2022.
  19. "Alleged French cybercriminal to appear in Seattle on indictment for conspiracy, computer intrusion, wire fraud and aggravated identity theft | United States Department of Justice". www.justice.gov. United States District Court for the Western District of Washington. 26 January 2023.
  20. "Members of GnosticPlayers arrested and charged as members of ShinyHunters? (with Update1) – DataBreaches.Net". Databreaches.net.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.