(AsiaGameHub) – A German hacker has taken credit for breaching the Malta Gaming Authority (MGA) and promised to reveal the ‘organised crime facilitation schemes’ that the regulator is purportedly engaged in.
Lilith Wittman published her declaration on X following the MGA’s confirmation last week that it was probing a ‘system intrusion’ allegedly perpetrated by someone masquerading as a security researcher.
Dear Malta Gaming Authority,
Yes, I hacked you, and the data obtained has been shared with media partners, authorities,….And yes, we will expose the organized crime enablement schemes you created while presenting yourselves as a “legitimate public service”. pic.twitter.com/Z7EqRnNbCk
— Lilith Wittmann (@LilithWittmann) March 20, 2026
Wittmann stated on X: “Dear Malta Gaming Authority, yes, I breached your systems, and the acquired data has been distributed to media partners, authorities,…
“I am convinced that the retrieved information is so crucial for public debate that its acquisition will someday, in the near future, be regarded as a justified necessity. We will uncover the organised crime facilitation schemes you established while portraying yourselves as a ‘legitimate public service’.”
Wittman continued by expressing her hope that German authorities would ‘for once, be wise and refrain from extraditing me’, cautioning that any intervention by Maltese police would ‘prompt the immediate publication of my complete collection of iGaming-related data’.
In a statement, the MGA acknowledged awareness of the allegations but dismissed them as ‘unsubstantiated’ while denouncing any unauthorised intrusion into its systems.
Who is Lilith Wittman?
Wittman belongs to the Chaos Computer Club, which characterises itself as Europe’s largest hacker collective, concentrating on spotlighting technical and social matters such as surveillance, privacy, and information freedom.
Previously, the group has uncovered vulnerabilities in Apple‘s Touch ID and Germany‘s banking infrastructure, and published the fingerprint of German Interior Minister Wolfgang Schäuble to illustrate the perils of biometric monitoring.
In 2021, Wittman, a security researcher based in Berlin, infiltrated the application of Germany’s governing political party, the Christian Democratic Union (CDU), obtaining access to personal details of more than 20,000 CDU members.
She also maintains ties to both the gaming sector and Malta.
In March 2025, Wittman published a blog entry alleging that information stored by Merkur Group for over one million players was publicly available, encompassing payment details and identification documents.
This data pertained to the merkurbets.de, crazybuzzer.de, and slotmagie.de platforms, operated by various Merkur subsidiaries located in Malta and utilising software from the Maltese firm The Mill Adventures.
At that time, Wittman alerted the German gaming regulator regarding the breach and expressed her view that security deficiencies in the software employed by The Mill Adventure contributed partially to the incident.
On the day of the attack, Merkur acted to remedy the vulnerability and introduce security audits along with supplementary internal protective measures.
Taking a more sinister turn
In contrast to the Merkur and The Mill Adventure incident, Wittman has rapidly levelled allegations of criminal conduct against the MGA.
In reply, the MGA has asserted that it functions within a ‘strong legal and regulatory structure’.
The regulator continued: “[The MGA] performs its statutory duties with integrity, independence, and accountability. Allegations arising from unauthorised system access are unfounded and do not weaken the MGA’s position as a regulator dedicated to transparency, proper procedure, and legal principles.
“For over twenty years, the MGA has functioned within recognised legal and governance structures, and will persist in doing so.”
The MGA characterised Wittman’s actions as ‘unacceptable and inconsistent with legitimate interaction with public bodies and established governance structures’.
Wittman reacted to the statement in a subsequent X post, asserting that assertions of maintaining a strong legal framework would be labelled ‘organised crime structures’ in other nations.
Currently, there is no evidence regarding what data Wittman has accessed, whether she was behind the attack, or what she intends to do with any obtained information.
This article is provided by a third-party. AsiaGameHub (https://asiagamehub.com/) makes no warranties regarding its content.
AsiaGameHub delivers targeted distribution for iGaming, Casino, and eSports, connecting 3,000+ premium Asian media outlets and 80,000+ specialized influencers across ASEAN.