Former employee accused of “Cryptojacking”: over $45,000 stolen

A former employee of a company in Minnesota has admitted to having engaged in “cryptojacking“, an increasingly common form of cybercrime that aims to exploit others’ computing power for personal purposes.

Joshua Paul Armbrust has therefore illicitly used company IT resources to mine cryptocurrencies, causing economic damages exceeding 45,000 dollars. 

A hidden activity behind the network: the accusation of Cryptojacking

Armbrust, 44 years old, originally from Orr, in northern Minnesota, pleaded guilty before the United States District Court on Tuesday, confirming that he committed computer fraud against his former company.

Armbrust had left his job at Digital River, a global e-commerce and payment services company based in Minnetonka, in February 2020. However, according to court documents, he continued to access the company’s computer systems without authorization for well over a year after his resignation.

What does Cryptojacking mean?

The term cryptojacking refers to a form of cyber attack through which an entity abusively uses third-party devices or IT infrastructures to mine cryptocurrencies, such as Bitcoin or Ethereum, without the owner’s consent.

In this case, Armbrust remotely accessed the Amazon Web Services (AWS) account of Digital River between December 2020 and May 2021. Thanks to this connection, he managed to initiate Ethereum mining processes using the company’s robust cloud infrastructure, which, naturally, inadvertently covered the very high electronic and computational costs of such operations.

Hidden profits in digital wallets

According to the accusation, illegally collected Ethereum was transferred to a wallet digitale and subsequently to two accounts at Coinbase, a well-known platform where it is possible to buy and sell cryptocurrencies. Both accounts were registered exclusively to Joshua Armbrust.

Once converted into traditional currency, the total value of the liquid Ethereum exceeded 7,000 dollars, an amount that the former employee then deposited into their bank account. However, the economic impact for the company was much higher, as Digital River incurred costs exceeding 45,000 dollars to power the processing needed for “mining“.

From complaint to federal investigation

The investigation was entrusted to the FBI, which made the charges public in October, at which time Armbrust was briefly incarcerated. After his first hearing in November, he was released under judicial supervision, a situation that was confirmed during the guilty plea. Judge Jerry Blackwell decided to keep the bail in effect pending the sentencing, the date of which has not yet been set.

The charge of computer fraud, as listed in the indictment, carries a maximum sentence of five years of imprisonment.

Digital River: a crisis that adds to the sentence

The case arises at a particularly delicate moment for Digital River, which recently announced, in the month of January, the cessation of activities. This decision led to the layoff of 122 employees from the company headquarters in Minnesota, ending a long experience that began in 1994.

The story of Armbrust represents a bitter conclusion for a company that for years has been a key player in the global e-commerce sector. The decision of a former collaborator to act against their employers has added further difficulties to an economic and operational context already in deep crisis.

Cybercrime on the rise: a phenomenon to monitor

Experts emphasize how cryptojacking represents a growing threat in the corporate environment. Unlike other more visible cyber attacks, this technique acts silently and can be difficult to detect in time. The damage caused is not only economic but also involves data security and internal trust from staff towards IT systems.

In the case of Digital River, the unauthorized use of AWS resources by a person who, officially, was no longer part of the staff, raises fundamental questions about corporate access management and the security measures applied to cloud systems.

A lesson for the future

The story of Joshua Armbrust offers an important point of reflection on the topic of corporate cybersecurity. Even after the end of the professional relationship, a former employee can represent a potential vulnerability if rigorous and immediate checks on their access are not carried out.

At the same time, the incident demonstrates how the illicit use of digital tools for personal purposes does not go unpunished and how the U.S. federal authorities are increasingly active in combating cybercrimes related to cryptocurrencies.

Awaiting the final verdict, the case of Armbrust now fully ranks among the most discussed recent examples of digital crime in the United States.