Marcus Hutchins, the popular British security researcher, has a new legal headache beyond the criminal charges against him.

Hutchins, AKA "MalwareTech," pleaded not guilty two weeks ago to criminal charges in Wisconsin that accuse him of creating and distributing the Kronos malware that steals banking credentials. Now comes word that his legal defense fund was riddled with illicit donations.

At least $150,000 in donations originated from stolen credit cards or fake credit card numbers, according to Tor Ekeland, a criminal defense attorney who is not on Hutchins' defense team. Ekeland, who became popular in hacking circles for successfully defending Andrew "weev" Auernheimer, had started a legal fund on Hutchins' behalf.

In a telephone call with Ars, Ekeland said the fund's payment processor rejected most of the donations, and any money that got through the processor, from about $5,000 to $10,000, is being refunded out of an abundance of caution.

"We don’t want to take the risk of taking money that is fraudulent," he said. "We're not sure what is legitimate."

He suspects that somebody might have "ran a script with a bunch of bogus numbers."

Hutchins gained notoriety in May for neutralizing the virulent WCry ransomware worm that shut down computers worldwide.

That's why his August 3 arrest—on unrelated charges that he helped produce and spread the Kronos virus—sent heads spinning in the tech community. He was arrested in Las Vegas following the Black Hat and Defcon security conferences.

A six-count Wisconsin federal indictment (PDF) accuses him of developing the Kronos banking trojan and, along with an unnamed co-conspirator, of advertising the malware on the AlphaBay underground online market forum.

He remains free on $30,000 bond pending trial and has pleaded not guilty.