A collective of white-hats calling themselves launched a live disassembly of IDA Pro itself on Twitch. 200,000 viewers watched as the streamers uncovered the truth: the update had installed a lightweight, obfuscated daemon that beaconed home every 15 minutes, sending hardware IDs, a list of running processes, and—most damning—the file names of every binary ever loaded into the software.
The internet didn’t buy it.
For the 50,000 people who clicked “Update Now” on IDA Pro—the legendary, gold-standard disassembler used by malware analysts, government agencies, and hardcore game modders—nothing seemed amiss. The progress bar filled. The hex editor refreshed. The world kept spinning.
The damage, however, was done. The viral content had created a new verb: “To get IDA’d” — meaning to have your trust betrayed by your most fundamental tool. IDA Pro 7.2 Leaked Update Download Pc
// Removed the monetization module. Also, Steve says sorry.
If you were a security researcher in 2026, that meant every piece of malware you analyzed, every game you tried to crack, and every proprietary driver you worked on had just been quietly exfiltrated to a server in Luxembourg.
Hex-Rays, the Belgian company behind IDA Pro, went into full crisis mode. Their first response—a dry, corporate statement posted to their forum—was mocked into oblivion. They claimed the comment was a “stale development artifact” from a junior employee “conducting a market survey.” A collective of white-hats calling themselves launched a
As for IDA Pro? It survived. It always does. But for one glorious, terrifying week in October, a boring software patch became a global parable. The hackers had been hacked. The watchers had been watched.
In the aftermath, the open-source project saw a 900% spike in GitHub stars. Ghidra released a “one-click migration tool.” And @RevEng_TrashPanda, the original poster, sold their screenshot as an NFT for 40 Ethereum, funding a new non-profit dedicated to software transparency.
Then, at 11:47 AM GMT, a user on X (formerly Twitter) with the handle @RevEng_TrashPanda posted a single screenshot. It wasn’t a complex exploit or a zero-day vulnerability. It was a of a freshly disassembled Windows DLL. For the 50,000 people who clicked “Update Now”
On Thursday, Hex-Rays pulled the update. They released a “rollback patch” that was, ironically, larger than the original update. Inside its disassembly, a new comment was found, presumably left by a furious competitor or a heroic insider:
The comment read: // TODO: Ask legal if we can sell user PC hashes to ad networks. – Steve, Q3
And somewhere, in a deleted commit log, the ghost of “Steve” chuckled—a silent, hexadecimal laugh echoing through the very tool that was meant to reveal all secrets.
Within an hour, “Steve from IDA” was trending globally.