In early January 2026, KrebsOnSecurity revealed how a security researcher’s disclosure of a critical vulnerability enabled the creation of Kimwolf, the world’s largest and most disruptive botnet. Since then, the individual controlling Kimwolf—operating under the alias “Dort”—has launched a series of coordinated cyberattacks, including distributed denial-of-service (DDoS) assaults, doxing campaigns, and email flooding targeting the researcher and this author. In a recent escalation, Dort allegedly triggered a SWAT team response to the researcher’s residence.
This report synthesizes publicly available information to profile Dort’s known activities and digital footprint.
Early Digital Footprint: Minecraft Cheating and Cybercrime Origins
A 2020 public dox alleged that Dort was a Canadian teenager born in August 2003, who previously used the aliases “CPacket” and “M1ce.” Cross-referencing this claim with the open-source intelligence platform OSINT Industries reveals a GitHub account created in 2017 under the names Dort and CPacket, linked to the email address [email protected].
Cybercrime Forum Activity and Email Trails
The cyber intelligence firm Intel 471 reports that [email protected] was used between 2015 and 2019 to register accounts on multiple cybercrime forums, including:
- Nulled (username: “Uubuntuu”)
- Cracked (username: “Dorted”)
Both accounts were created from the same IP address (99.241.112.24), which is assigned to Rogers Canada.
From Minecraft Exploits to Serious Cybercrime
Dort gained early notoriety in the Microsoft Minecraft community for developing “Dortware”, a cheating tool that allowed players to manipulate game mechanics. However, their activities soon escalated from gaming exploits to enabling more severe cybercriminal operations.
LAPSUS$ Affiliation and CAPTCHA-Bypassing Tools
In March 2022, Dort operated under the handle “DortDev” on the chat server of the notorious cybercrime group LAPSUS$. During this period, Dort advertised two services on SIM Land, a Telegram channel focused on SIM-swapping and account takeovers:
- A temporary email registration service
- “Dortsolver”, a tool designed to bypass CAPTCHA protections, which are critical for preventing automated account abuse.
The cyber intelligence firm Flashpoint documented 2022 posts on SIM Land where Dort collaborated with another hacker known as “Qoft” to develop these services. In one exchange, Qoft stated:
“I legit just work with Jacob.”
Qoft later revealed that the duo had stolen over $250,000 worth of Microsoft Xbox Game Pass accounts by creating a program that mass-generated Game Pass identities using stolen payment card data.
Identifying Jacob: The Business Partner Behind Dort
The breach tracking service Constella Intelligence found that the password for [email protected] was reused for just one other email: [email protected]. Notably, the 2020 dox of Dort listed their date of birth as August 2003 (8/03).
A search on DomainTools shows that [email protected] was used in 2015 to register several Minecraft-themed domains, all tied to a Jacob Butler in Ottawa, Canada, along with the phone number 613-909-9727.
Constella Intelligence further reveals that [email protected] was used to create an account on the hacker forum Nulled in 2016.