Someone is using a keyboard in a low-light room. (Photo by Soumil Kumar/Pexels)
A 25-year-old Canadian man from Kitchener, Ontario, finds himself at the center of a major international cybercrime case—uncovered not by accident, but because he made one critical error: threatening the wrong person online.
Connor Riley Moucka, who operated under the online alias “Waifu,” is now in Canadian custody, awaiting extradition to the United States. Authorities allege he was part of a criminal ring responsible for breaking into the networks of at least 10 organizations, stealing sensitive data, and ransoming it for millions in cryptocurrency.
The person who helped bring him down? A cybersecurity researcher named Allison Nixon. Based in New York, Nixon is the chief research officer at Unit 221B, a firm that investigates cybercrime. She hadn’t been tracking Moucka until he began posting personal threats against her and her company in 2024 on Telegram chat groups. That caught her attention—and sealed his fate.
“He kept drawing attention to himself,” Nixon said. “That’s a fast way to become a top priority for investigators.”
Nixon and her team, working with cybersecurity experts including those from Google-owned Mandiant, spent months tracing Moucka’s digital trail. While the exact methods remain confidential, Nixon said she doesn’t want to reveal their techniques, as other criminals are always trying to study and evade investigators.
Moucka was eventually arrested at his grandfather’s home in October 2024 following a request from U.S. authorities. He faces 20 federal charges, ranging from wire fraud to identity theft. He agreed to be extradited to the U.S. in March 2025.
U.S. court documents accuse Moucka and his associates of stealing personal information—such as banking details, social security numbers, and passport data—from millions of victims. Their alleged crimes align closely with the infamous 2024 “Snowflake” data breach, which affected major companies like AT&T, Ticketmaster, and Pure Storage. Many of these companies had Canadian clients.
Experts call this one of the most significant cybersecurity breaches in history. David Jao, a University of Waterloo professor, noted that the full scale of the crime is still being investigated and more suspects remain at large.
Moucka is also tied to another accused hacker—Cameron John Wagenius, a U.S. soldier charged with selling hacked AT&T call data that allegedly included records of high-profile figures like Donald Trump and Kamala Harris. Wagenius has reportedly pleaded guilty.
Before his arrest, Moucka reportedly distributed “insurance packages” to contacts—some of which contained sensitive data from public officials—as a backup plan if he were caught.
Investigators believe Moucka is part of “The Com,” an underground hacker community consisting mostly of young English-speaking men. This group, according to experts, engages in SIM swapping, crypto theft, swatting, and even violent crimes. Nixon compares them to street gangs—except their turf is the internet.
Moucka is being held at Maplehurst Correctional Centre in Milton, Ontario, as Canada’s justice department processes the extradition request. The case is expected to proceed in a Seattle federal court.
Despite the disturbing nature of her work, Nixon remains passionate about solving cyber puzzles. “It’s like a mystery every time—and I love mysteries,” she said.
