Microsoft Suspends Developer Accounts for Open-Source Projects
Key Takeaways Microsoft has suspended the developer accounts for prominent open-source security projects VeraCrypt and WireGuard. The suspensions prevent these projects from signing critical Windows...
Key Takeaways
- Microsoft has suspended the developer accounts for prominent open-source security projects VeraCrypt and WireGuard.
- The suspensions prevent these projects from signing critical Windows drivers, halting updates and potentially impacting functionality for millions of users.
- The issue appears to stem from Microsoft’s stricter identity verification policies, which developers claim were enforced without prior notification.
- Microsoft developer advocates are working to resolve the situation, but the incident highlights the fragility of open-source projects reliant on major platform gatekeepers.
Microsoft has abruptly suspended the Windows Hardware Program developer accounts for two widely used open-source security tools, VeraCrypt and WireGuard. This action effectively blocks their ability to digitally sign drivers and distribute essential updates to a vast user base on Windows operating systems. Developers for both projects reported receiving no advance warning or explanation for the immediate lockout.
Table Of Content
Mounir Idrassi, the principal developer behind the disk encryption software VeraCrypt, publicly disclosed on March 30 via a SourceForge post that Microsoft had unexpectedly terminated the account he utilized for years to sign Windows drivers and the bootloader component.
“I didn’t receive any emails from Microsoft nor any prior warnings,” Idrassi informed 404 Media. A few days later, Jason Donenfeld, the creator of the popular WireGuard VPN protocol, revealed he had encountered an identical account suspension. He also stated he received no notification from Microsoft regarding any new identity verification requirements. VPN provider Windscribe subsequently reported a similar account suspension, suggesting a broader enforcement action by Microsoft.
A valid Microsoft developer account is mandatory for authenticating third-party drivers on Windows 10 and 11. Without a properly signed driver, Windows operating systems will flag it as unsigned and prevent it from loading at the kernel level. This renders new software builds effectively unusable for end-users.
Stricter Verification Rules Implicated in Suspensions
The root cause of these suspensions appears to be Microsoft’s enforcement of more stringent identity verification policies within its Partner Center program. Microsoft initiated tighter multi-factor authentication (MFA) and identity verification requirements starting October 2025, with full API enforcement taking effect on April 1, 2026.
This updated policy mandates that developers undergo re-verification through approved third-party identity verification vendors (IDVs), typically requiring government-issued identification documents. Accounts where identity verification fails and no “Fix now” option is provided are automatically suspended, often without further recourse for the developer.
Crucially, neither Idrassi nor Donenfeld seems to have been informed that re-verification was necessary, leaving both developers unprepared for the account terminations.
The ramifications of these suspensions extend beyond mere administrative inconvenience. VeraCrypt stands as one of the most trusted open-source disk encryption utilities for Windows, relied upon globally by individuals prioritizing privacy, journalists, and various enterprises.

Idrassi has cautioned that if the issue remains unresolved, Windows Secure Boot will prevent VeraCrypt from encrypting system drives as of June 2026, describing the situation as a potential “death sentence for VeraCrypt.”
For WireGuard, the suspension means Donenfeld is currently unable to release updates for WireGuard on Windows. This could leave users vulnerable if a security flaw is discovered before the issue is resolved.
The incident quickly garnered attention within Microsoft. Scott Hanselman, a prominent developer advocate at Microsoft, intervened by directly contacting both developers via email and committing to expedite a resolution.
As of April 9, resolutions are anticipated soon, though both developers are presently navigating a 60-day appeals process with no guaranteed outcome. This episode has reignited discussions about the inherent fragility of critical open-source infrastructure when it depends on the gatekeeping mechanisms of a single vendor.
This incident vividly illustrates a systemic risk: open-source security projects that form the bedrock of global privacy infrastructure remain precariously dependent on opaque, automated enforcement systems managed by large platforms. When these systems malfunction silently and without clear appeal pathways, the downstream consequences for end-user security can be both severe and immediate.
What You Should Do
- For VeraCrypt users: Monitor official VeraCrypt channels for updates. Be aware of potential future compatibility issues with Secure Boot if the signing problem is not resolved by June 2026.
- For WireGuard users: Be aware that new updates for WireGuard on Windows are currently stalled. Ensure your existing WireGuard installation is up-to-date with the last signed version.
- For all Windows users: Exercise caution with any unsigned drivers. Windows is designed to block unsigned drivers for security reasons.
- For open-source developers: Review Microsoft’s Partner Center identity verification policies, especially regarding re-verification requirements, to avoid unexpected account suspensions.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.