Microsoft abruptly terminates VeraCrypt account, halting Windows updates

April 8, 2026
aisecuritybusinesslaw
Detailed view of a backlit laptop keyboard keys with blue LED lighting for tech concepts.
Photo by Castorly Stock on Pexels

What happened

It has been reported that Microsoft terminated an account tied to VeraCrypt, the long-running open‑source disk‑encryption project, leaving the developer unable to publish Windows updates. Mounir Idrassi, VeraCrypt’s lead developer, told 404 Media he discovered in mid‑January that he could no longer sign Windows drivers or the bootloader — the key steps that enable Windows releases. “I didn't receive any emails from Microsoft nor any prior warnings,” he said.

The immediate impact

Without a functioning Microsoft developer account Idrassi says he cannot push Windows builds; Linux and macOS updates remain possible, but most VeraCrypt users run Windows. That’s a major blow to a project people rely on to protect sensitive data. Idrassi shared the terse message he received — that his organization, IDRIX, “does not currently meet the requirements to pass verification” and that there is no appeal — and says follow‑up support replies were automated and, allegedly, AI‑generated. Frustration and uncertainty are the order of the day.

Is this a one‑off?

It might not be. It has been reported on Hacker News that WireGuard’s maintainer faced a similar sudden suspension when trying to publish an update — “No warning at all, no notification,” wrote WireGuard creator Jason Donenfeld. So what are the rules here? Who decides which open‑source maintainers meet enterprise verification standards? Questions stack up, and answers are scarce.

Why it matters

Beyond one project, the episode highlights a fragile link in modern open‑source supply chains: critical tooling that depends even tangentially on big‑tech platforms can be sidelined with little explanation. Microsoft acknowledged a request for comment but did not respond in time for publication. For users and maintainers alike, the emotional core is clear: reliance on centralized gates for small but essential projects is suddenly less comfortable. Who watches the watchmen?

Sources: 404media.co, Hacker News