Gabriel Kimiaie Asadi Bildstein

Gabriel Kimiaie Asadi Bildstein
Born (1999-07-11) July 11, 1999
Tarbes, France
NationalityFrench
Other namesKuroi’SH, Nclay
Known forAlleged involvement in high-profile cyberattacks associated with hacking groups ShinyHunters and GnosticPlayers.

Gabriel Kimiaie Asadi Bildstein (born July 11, 1999 in Tarbes, France) is a French individual alleged to have participated in a series of high-profile cyberattacks under the pseudonyms Kuroi’SH, Nclay, and as a member of hacking groups GnosticPlayers and ShinyHunters.[1] He has been linked to cybersecurity breaches involving NASA, Google Brazil, Vevo, Coinrail, GateHub, and Canva.[2][3] Although he has been indicted in both France and the United States, he has not been convicted. His diagnosis of Asperger syndrome has reportedly influenced legal assessments of criminal responsibility.[4]

In 2015, Bildstein allegedly participated in the defacement of subdomains belonging to NASA and Google Brazil under the alias "Kuroi'SH". Messages such as "Hacked by Kuroi’SH" appeared on the compromised pages.[5] The campaign was attributed to a group calling itself "The Intrud3rs".[6]

In May 2018, he and another individual using the alias "Prosox" were involved in defacing the Vevo YouTube channel, altering popular music videos including Luis Fonsi’s Despacito.[7] The attack changed the titles, descriptions, and thumbnails of the videos to reflect messages attributed to Kuroi’SH and Prosox.[8] Both individuals were later arrested and charged in France.[9]

Bildstein was linked to the June 2018 breach of Coinrail, a South Korean cryptocurrency exchange. Approximately $40 million in cryptocurrency was stolen.[10] He reportedly admitted involvement to French investigators in 2021 and was indicted in connection with the hack in 2025.[11]

Bildstein is believed to have been a key member of the hacking group "GnosticPlayers",[12] which claimed responsibility for breaches affecting companies including Canva, MyFitnessPal, Zynga, MyHeritage, and Dubsmash.[13]

In 2019, Bildstein was allegedly involved in the theft of more than $9.5 million in XRP tokens from the GateHub platform.[14] Authorities seized multiple luxury vehicles from his home in Tarbes.[15] He was arrested and charged in France.[16]

Bildstein is also suspected of involvement with the group ShinyHunters, linked to data breaches of Microsoft, AT&T, and Ticketmaster.[17] In 2022, French police raided his home in Tarbes.[18] He was questioned by FBI agents and later indicted by the United States Department of Justice for conspiracy to commit computer intrusion.[19] Due to France’s policy of not extraditing its nationals, it is unlikely he will be tried in the U.S.[20]

References

  1. ^ "Cryptomonnaie : Kuroi-SH, le Machiavel français du Web". Paris Match (in French). 29 May 2025.
  2. ^ "Piratage de la NASA : Google communique au FBI les infos d'un jeune francophone". Zataz (in French).
  3. ^ Warren, Tom (10 April 2018). "Vevo's YouTube account hack hits popular music videos, causes biggest video ever to disappear". The Verge.
  4. ^ Gautronneau, Vincent; Pham-Lê, Jérémie (17 July 2020). "Cybercasse du siècle : YouTube, Nasa… l'impressionnant palmarès des deux pirates français". Le Parisien (in French).
  5. ^ Paganini, Pierluigi (18 September 2017). "The hacker Kuroi'SH defaced the official Google Brazil domain". Security Affairs.
  6. ^ "Muslim Hacking Crew The Intrud3rs Attacks, Defaces NASA sites, French Universities". The Cryptosphere. 20 October 2015.
  7. ^ "Des pirates s'en prennent à des vidéos sur internet, dont "Despacito"". Le Point (news magazine) (in French). 10 April 2018.
  8. ^ "Despacito YouTube music video hacked plus other Vevo clips". BBC News. 10 April 2018.
  9. ^ Paganini, Pierluigi (10 April 2018). "Top VEVO Music videos Including 'Despacito' defaced by hackers". Security Affairs.
  10. ^ Kollewe, Julia (11 June 2018). "Bitcoin price plunges after cryptocurrency exchange is hacked". The Guardian.
  11. ^ Bancal, Damien. "Gabriel Kimiaie Asadi-Bildstein, l'insaisissable hacker français aux millions évaporés". Zataz (in French).
  12. ^ "The Dark Overlord Cyber Investigation Report" (PDF). Night Lion Security. Archived (PDF) from the original on Dec 11, 2023.
  13. ^ Cimpanu, Catalin. "Hackers steal $9.5 million from GateHub cryptocurrency wallets". ZDNet.
  14. ^ "Le hacker tarbais réalise un cybercasse à 8 M€ !". La Dépêche du Midi (in French).
  15. ^ "Hautes-Pyrénées : à 21 ans, il est mis en examen pour un cyberbraquage à plus de 8 millions d'euros". France 3 Occitanie (in French). 17 July 2020.
  16. ^ Bancal, Damien. "Gabriel Kimiaie Asadi-Bildstein, l'insaisissable hacker français aux millions évaporés". Zataz.com (in French).
  17. ^ Zetter, Kim (2024-06-17). "Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake". Wired. ISSN 1059-1028.
  18. ^ "Who are the ShinyHunters, the hacker group a Frenchman wanted by the FBI is suspected of belonging to?". Le Monde. 5 August 2022.
  19. ^ "Alleged French cybercriminal to appear in Seattle on indictment for conspiracy, computer intrusion, wire fraud and aggravated identity theft | United States Department of Justice". www.justice.gov. United States District Court for the Western District of Washington. 26 January 2023.
  20. ^ "Members of GnosticPlayers arrested and charged as members of ShinyHunters? (with Update1) – DataBreaches.Net". Databreaches.net.
This article is issued from Wikipedia. The text is available under Creative Commons Attribution-Share Alike 4.0 unless otherwise noted. Additional terms may apply for the media files.