Microsoft Account Lockout Threatens VeraCrypt’s Future, Puts Windows Boot Security at Risk

Mounir Idrassi, the developer behind the widely used open-source encryption tool VeraCrypt, has issued a stark warning: Microsoft’s abrupt termination of his developer account could soon leave Windows users unable to access their encrypted systems. In a March 30 online post, Idrassi stated that Microsoft “terminated the account I have used for years to sign Windows drivers and the bootloader,” offering no explanation or appeal process. Based in Japan, he attempted to contact the company but failed to reach any human representative.

The core issue stems from Microsoft’s security re-verification requirements for developer accounts. Without access to his account, Idrassi cannot apply new digital signatures to VeraCrypt’s bootloader. He predicts that many devices running the software will become unbootable if this situation persists, as Microsoft plans to revoke the certificate authority used to sign the current version. “Users who have enabled system encryption with VeraCrypt may face boot issues after July 2026 because Microsoft will revoke the [certificate authority] that was used to sign the VeraCrypt bootloader,” Idrassi explained. “A new Microsoft CA must be used for bootloaders to continue working.”

VeraCrypt, which allows users to encrypt individual files or entire operating systems to protect against pre-boot attacks, boasts significant adoption. The latest Windows version, released in May 2025, has seen nearly a million downloads of its installer file. This incident underscores the considerable power tech giants wield over software distribution on their platforms, exposing users to risks when relying on third-party accounts that can be revoked under mutable rules.

Idrassi emphasized that for now, affected users need not take any special action, as VeraCrypt continues to function without identified security flaws. However, he warned that those using system encryption—which scrambles the entire OS until a password is entered—could start experiencing boot problems around late June, with critical failures likely after July 2026. “If the issue is not resolved by then, it would essentially mean a death sentence for VeraCrypt,” he told TechCrunch.

While Idrassi can still push updates unhindered to Linux and macOS users, the majority of his user base on Windows remains cut off from new releases. This disparity highlights the platform-specific dependencies that open-source projects often face. Microsoft did not provide an immediate comment when contacted about the account termination.

This case joins a growing list of automated account lockouts by major corporations. Earlier this year, developer Paris Buttfield-Addison was locked out of their Apple account after redeeming a gift card, purchased from a large retailer, that they believed was fraudulent. Buttfield-Addison managed to regain access only after their story gained viral attention, illustrating the opaque and often unforgiving nature of these systems.

The VeraCrypt situation serves as a critical reminder for developers and users alike: reliance on centralized platforms for essential functions like code signing introduces single points of failure that can jeopardize entire software ecosystems. As deadlines loom, the community watches to see if Microsoft will reverse course or if VeraCrypt’s Windows future will indeed be cut short.
