Back to all insights
Picture of Shane Brown

Shane Brown

The Phantom Hacker

The Phantom Hacker: Dylan Wheeler Got Away With $100 Million in Cybercrime

Four teenage hackers stole over $100 million from Microsoft, Epic Games, and the U.S. Army. Three went to prison. Two are dead. One walks free.

The Missing Defendant

September 2014. A Delaware courtroom filled with federal prosecutors as four members of “Xbox Underground” faced charges for one of gaming history’s biggest cybercrimes. David Pokora, 22, became the first foreign hacker convicted in U.S. federal court for stealing American trade secrets. Beside him stood Sanadodeh Nesheiwat, 28, Nathan Leroux, 20, and Austin Alcala, 18.

Someone was missing.

Court documents referenced a fifth member. “D.W.” An Australian teenager who played a central role in the conspiracy. While his accomplices faced decades of potential prison time, D.W. was absent from U.S. charges. He had been dealt with separately in Australian children’s court.

His real name: Dylan Wheeler. Online handle: SuperDaE. He was 14 when the hacking began, operating from his bedroom in Perth, Western Australia. Wheeler committed credit card fraud, sold counterfeit Xbox One prototypes for thousands of dollars, and helped orchestrate intrusions that cost victims $100-200 million.

Today, Wheeler remains the only core member of Xbox Underground who was never prosecuted by the United States. While his accomplices served prison sentences and battled addiction, Wheeler escaped to Europe and now runs a cybersecurity company.

The First Breach

Wheeler’s path into cybercrime started with a gift in 2010. A hacker named “Gamerfreak1727” gave Wheeler a database dump from an online gaming forum. Usernames, email addresses, and plaintext passwords.

Wheeler scanned the list and found several email addresses belonging to Epic Games employees. He tested whether these employees reused passwords across different services.

They did.

Wheeler gained access to an Epic Games IT employee’s Gmail account. Inside that inbox, he found the password to the employee’s corporate email: “Admin060606”.

With valid credentials for an IT administrator at Epic Games, Wheeler now held the keys to one of gaming’s most valuable networks. But he wanted to impress the Xbox hacking elite.

Building the Crew

David Pokora was a rising star in the Xbox modding scene. The University of Toronto computer science student had built a reputation for sophisticated Halo modifications. Wheeler approached him.

“I basically approached David and I said to him, I might have something of value. Would you be willing to team up?” Wheeler later explained on the Darknet Diaries podcast.

During a Skype session, Wheeler demonstrated his access to Epic’s network. What they found exceeded expectations: internal source code repositories, pre-release game builds, and the complete source code for Gears of War 3. More than a year before the game’s public release.

To safely exfiltrate the massive files, Pokora brought in Nesheiwat. A 28-year-old hardware enthusiast from New Jersey who possessed a hacked Comcast cable modem that provided untraceable, high-speed internet access. Nesheiwat downloaded gigabytes of Epic’s proprietary data, burned it to Blu-ray discs, encrypted the files, and shipped them to Pokora in Canada.

The group had crossed a line. This was corporate espionage.

The Durango Discovery

By 2011, Xbox Underground had expanded far beyond Epic Games. Using stolen credentials, the group breached Valve Corporation, Activision Blizzard, Electronic Arts, and Microsoft itself. They used SQL injection attacks and stolen developer credentials to access Microsoft’s Game Developer Network Portal.

In mid-2012, Wheeler made a discovery that would define the case. Logged into a Microsoft developer account, he noticed an unusual folder labeled “Durango.”

Inside were technical specifications, photographs, driver software, and source code for Microsoft’s next-generation gaming console. What would eventually be released as the Xbox One in November 2013. At the time, the project was one of Microsoft’s most closely guarded secrets.

Wheeler and his co-conspirators reverse-engineered the hardware requirements by analyzing the drivers and cross-referencing them with the internal photographs.

Nathan Leroux, a 20-year-old from Maryland, volunteered to build a working prototype. He ordered components from Newegg and assembled a functional counterfeit Xbox One. More than a year before the console’s official release.

Criminal Escalation

On July 29, 2012, Wheeler accessed the network of Zombie Studios, a Seattle-based game developer working on a contract for the U.S. Department of Defense. Using TeamViewer remote access software, Wheeler discovered the company was developing the AH-64D Apache helicopter flight simulator for U.S. Army pilot training.

Wheeler downloaded the military software. Then he went further. He stole employees’ personal information, including Social Security numbers, home addresses, and tax documents.

Federal prosecutors documented Wheeler’s next move: “D.W. subsequently submitted credit card applications in the names of the Zombie employee and a family member for limits of $15,000 and $10,000.”

The group was no longer stealing video games. They were committing serious financial crimes and compromising U.S. military assets.

In August 2012, they sold the first counterfeit Xbox One for approximately $5,000. An FBI informant intercepted the console before it reached its destination in the Seychelles.

Wheeler then took an astonishingly brazen step. He listed another counterfeit Durango on eBay. Using photographs from the first build. Bidding rocketed past $10,000, climbing to $20,100 before eBay canceled the auction as fraudulent.

The stunt generated massive media attention and publicly exposed the “Durango” codename. Wheeler’s eBay spectacle infuriated Pokora, who recognized it as reckless. Microsoft now had undeniable proof that its most sensitive intellectual property had been compromised.

The Walls Close In

In March 2014, David Pokora attempted to cross the U.S.-Canada border. U.S. Customs and Border Protection detained him. A federal grand jury had secretly indicted him weeks earlier on 16 counts including conspiracy to commit computer fraud, copyright infringement, wire fraud, identity theft, and theft of trade secrets.

The FBI had been building its case for months, aided by an informant within the hacking group.

On December 4, 2012, at 5:30 a.m., Nesheiwat woke to pounding on his door. He opened it to find nearly 50 FBI agents, some in tactical gear, pointing weapons at him. The FBI seized approximately 20 Xbox development kits, three retail Xboxes, and countless other items from his home.

Weeks earlier, Nathan Leroux had also been raided. The FBI confronted Leroux with evidence of the Durango sales, FIFA coin generation schemes, and his role in hacking multiple companies.

Leroux cooperated with authorities and later pleaded guilty. But the trauma of his arrest and looming prosecution took a severe toll. While awaiting extradition after attempting to flee to Canada, he attempted suicide by stabbing himself multiple times. Leroux survived, transitioned to a female identity (taking the name Holly), and was sentenced to prison. Shortly after release, she died by suicide in a Fresno motel room.

The Australian Escape

On a spring morning in May 2013, 17-year-old Dylan Wheeler was hacking late into the night from his Perth bedroom when he noticed police vehicles outside.

“There was at least a dozen armed police,” Wheeler said. “I knew shit, something’s up.”

Wheeler frantically powered down computers and hid a laptop in the ceiling before police breached the door. Australian Federal Police spent hours seizing equipment, totaling an estimated $50,000-$100,000 in hardware.

Wheeler was arrested and charged under Australian law. Crucially, however, U.S. authorities chose not to seek his extradition. Prosecutors indicated they would allow Australia to handle Wheeler’s case domestically.

Wheeler’s age meant his case would be heard in Perth Children’s Court, a juvenile justice system focused on rehabilitation rather than punishment. He was released on bail pending trial.

But Wheeler’s case dragged on for nearly three years with no resolution. During this time, he watched from across the Pacific as his former accomplices faced severe consequences in American courts. Pokora was sentenced to 18 months in federal prison. Nesheiwat received an identical 18-month sentence.

By 2015, Wheeler faced a grim reality: if convicted in Australia, he faced up to 10 years imprisonment. A judge ordered him to surrender his passport as a condition of continued bail.

Wheeler made a choice. Within six hours of the surrender deadline, he boarded a flight to Dubai and then to the Czech Republic, where his mother held citizenship.

“I left Australia because my case went on for about two to three years and it was getting nowhere,” Wheeler told the ABC in 2015 from his new home in Europe.

A subsequent freedom of information request revealed that Australian authorities had placed Wheeler on the PACE watchlist. But only six days after he had already fled the country.

A Mother’s Sacrifice

Wheeler’s escape came at a devastating cost to his family. In November 2017, his mother, Anna Wheeler, was convicted in a Western Australian court of perverting the course of justice. Prosecutors proved she had funded Dylan’s flight to the Czech Republic and helped him evade prosecution.

Judge Stephen Scott sentenced Anna Wheeler to a custodial term, stating: “What you did was to show disregard and contempt for the law and the administration of justice and you have done your son no good at all.”

As of December 2015, Australia had not formally requested Dylan Wheeler’s extradition from the Czech Republic. More than a decade later, Wheeler has never been extradited, never stood trial in the United States, and never served time in prison for his role in Xbox Underground.

The Toll on Others

Anthony Clark was not part of the original Xbox Underground indictment but had collaborated with group members on a separate FIFA coin fraud scheme. Clark and three associates created software that tricked Electronic Arts’ servers into awarding millions of FIFA coins, which they sold on black markets for a total of $16 million.

At the operation’s peak, the group generated up to $500,000 per day. On September 17, 2015, the FBI raided Clark and his co-conspirators simultaneously, seizing more than $4 million in cash and assets.

Three of Clark’s co-conspirators pleaded guilty. Clark chose to fight the charges. A Texas jury disagreed with his defense. On November 16, 2016, Clark was convicted and faced up to 20 years in prison.

On February 26, 2017, two days after his 27th birthday and one day before his sentencing hearing, Anthony Clark was found dead in his Whittier, California home. The official cause of death was accidental overdose from a combination of alcohol and medication.

Nesheiwat also struggled after his release from prison. He battled severe depression and legal restrictions on his computer use.

Pokora and Alcala represent the case’s rare success stories in rehabilitation. Both served their sentences and went on to work in legitimate cybersecurity roles.

A Phantom in Plain Sight

Today, Dylan Wheeler operates openly from the Czech Republic, where he possesses citizenship through his mother. He runs a cybersecurity company called “Day After Exploit” and claims to provide security consulting services to European government agencies.

Wheeler is active on social media, has given interviews to Australian media and podcasts like Darknet Diaries, and attended information security conferences. He speaks frankly about his teenage hacking activities.

“The accusations they have claimed are untrue, and to the best of my knowledge I haven’t committed a crime,” Wheeler told ABC News in 2015. “I would like them to drop the charges, drop the accusations and face defeat and say, ‘Hey, we stuffed up’.”

This position is difficult to reconcile with U.S. federal court documents, which explicitly name “D.W.” and detail his role in credit card fraud, identity theft, hacking Zombie Studios and stealing military software, selling counterfeit Durangos, and orchestrating the eBay spectacle.

In podcast interviews, Wheeler has reframed his past as youthful curiosity rather than criminal intent. “We were teenagers. I don’t think we had too much of a sense of risk. Like oh, if we got caught it would be a slap on the wrist, right?” he told Darknet Diaries.

An Australian arrest warrant for Wheeler remains active, meaning he would face immediate detention if he ever returned home. However, there is no indication that Australia or the United States have pursued extradition with any vigor in the decade since his flight.

Why One Hacker Escaped

Wheeler’s escape from prosecution reflects several factors:

Jurisdictional Challenges
Wheeler committed his crimes from Australian soil, targeting American companies. This created questions about which country held primary jurisdiction. U.S. authorities ultimately deferred to Australia to prosecute Wheeler domestically rather than seeking extradition.

Juvenile Status
Wheeler was 14 when the hacking began and 17 when arrested. His case was handled in Perth Children’s Court, which focuses on rehabilitation for young offenders rather than punitive sentencing. This made Wheeler a lower priority for international prosecution compared to adult defendants.

Cooperating Witnesses
The U.S. case against Xbox Underground was built substantially on evidence from a cooperating insider. With Pokora, Nesheiwat, Leroux, and Alcala already in custody and cooperating, prosecutors likely calculated that pursuing a lengthy extradition process for a juvenile in Australia offered diminishing returns.

Czech Citizenship
Wheeler’s possession of Czech citizenship through his mother provided him with a legal right to residency in a European Union member state. Once he fled to the Czech Republic, extraditing him would have required coordination among Australian, American, and Czech authorities.

Australian Prosecution Delays
Wheeler’s case languished in the Australian legal system for nearly three years without resolution. This delay gave him time to plan his escape.

By the time Wheeler fled in 2015, the U.S. prosecutions were largely complete, with his co-conspirators already sentenced.

The One Who Got Away

More than a decade after Xbox Underground’s takedown, the case remains a study in contrasts. David Pokora served 18 months in federal prison and now works in cybersecurity. Austin Alcala cooperated with prosecutors, avoided prison, and similarly pivoted to legitimate security work. Sanadodeh Nesheiwat served his sentence and struggles with the aftermath.

Nathan Leroux transitioned, was released from prison, and took her own life. Anthony Clark died the day before sentencing.

Dylan Wheeler posts on social media, attends hacker conferences, runs a consulting business, and lives freely in Europe. He is the phantom of Xbox Underground. Present in the court record, absent from the defendant’s table. His name appears in federal indictments as “D.W.,” detailing crimes he later admitted to in podcast interviews, yet he has never answered for them in an American court.

An Australian arrest warrant sits dormant. A mother served time in prison for helping him escape. And Wheeler continues his career, arguing that the past is the past and that people should be judged by who they are today, not who they were as teenagers.

The federal government estimated damages at $100-200 million. Companies spent millions on forensic investigations and security overhauls. An IT employee’s personal information was stolen and used to commit fraud. Military training software fell into civilian hands. Microsoft’s most valuable trade secret was reverse-engineered and sold before launch.

For most of those who participated, there were consequences. For Dylan Wheeler, there were none.

He remains the hacker who got away. A phantom in the machine, documented but never held accountable. His escape stands as a testament both to the challenges of international cybercrime prosecution and to a teenager’s audacity in exploiting every crack in the system.

Wheeler’s story is not one of redemption, but of evasion. It is the tale of the one member of Xbox Underground whose name will never appear on a U.S. prison roster, whose mugshot will never enter the federal database, who will never stand before an American judge to answer for what federal prosecutors called one of the most sophisticated hacking conspiracies in gaming history.

He is the phantom hacker. Present in the crime, absent from justice, and free to tell his story on his own terms.

more insights

When the Hacker Was an Algorithm

February 2, 2026

When the Hacker Was an Algorithm: Inside the First AI-Orchestrated Cyber Espionage Campaign In September 2025, Anthropic security engineers spotted something wrong in their system

Read more >

ClawdBot/Moltbot

January 27, 2026

ClawdBot/Moltbot: When Viral AI Tools Become Security Nightmares ClawdBot exploded onto the tech scene in January 2026. Within three days, the open-source AI assistant rocketed

Read more >

The Maxus Mystery

January 23, 2026

The Maxus Mystery: When a 19-Year-Old Russian Hacker Held 300,000 Credit Cards Hostage The Christmas Day Ultimatum December 25, 1999. Most Americans celebrated Christmas with

Read more >