TLDR
- The man mined $5,895 worth of ETH using former employer’s AWS servers nightly.
- Digital River incurred over $45,000 in cloud service fees from the scheme.
- He received three years’ probation and must repay the full damages.
- The cryptojacking operation ran nightly for about a year undetected.
A Minnesota man managed to avoid jail after being caught mining Ethereum using his former employer’s cloud servers. Although the operation ran nightly for nearly a year and caused $45,000 in damage, the total profits reached just under $6,000. The individual, who cited financial hardship and personal responsibilities, was sentenced to probation and restitution rather than incarceration.
Former Employee Exploits Corporate Cloud Access
Joshua Paul Armbrust, a former employee of the Minnesota-based firm Digital River, used his retained credentials to access the company’s cloud systems. After leaving the company, he began running mining software on Amazon Web Services (AWS) accounts tied to the firm.
Authorities said the mining activity took place between 6 PM and 7 AM each day for approximately one year. During these hours, Armbrust used Digital River’s cloud infrastructure to mine Ethereum without authorization.
The company eventually detected abnormal activity and reported the case to authorities. Investigators traced the unauthorized mining activity back to Armbrust, who admitted to his actions when confronted.
$45,000 in Losses, Less Than $6,000 Earned
Though the cryptojacking operation ran for months, it brought in only $5,895 worth of Ethereum. Meanwhile, the cost to the company was far higher. Cloud service charges, mainly through AWS, totaled more than $45,000 during that time.
According to court documents, Armbrust used the funds to support his ill mother. His willingness to take responsibility and lack of efforts to conceal his actions factored into the court’s decision to issue a lighter sentence.
Assistant U.S. Attorney Bradley Endicott noted, “The defendant’s conduct strikes at the core of digital trust and security. Companies rely on former employees to act ethically.”
Armbrust was sentenced to three years of probation, during which he must pay back the full amount of damages caused to Digital River. He avoided jail, but the restitution order and supervision period reflect the seriousness of the offense.
Cryptojacking Crimes on the Rise
Cryptojacking, the act of secretly using someone else’s computer systems to mine cryptocurrencies, is not new. However, its occurrence continues to grow, especially during times of economic uncertainty.
Experts say that these attacks often go undetected when conducted at low levels. Because cloud services can be scaled and billed automatically, unauthorized usage can fly under the radar for extended periods.
In this case, the former employee had enough access to exploit the system for months. It serves as a reminder for companies to revoke all credentials promptly when employees leave.
Cybersecurity professionals have warned that as financial pressures increase, more individuals may turn to small-scale crimes like this one. They urge organizations to monitor cloud systems closely and review account activity regularly.
Probation and Restitution Over Incarceration
Though Armbrust’s actions breached trust, the court chose a non-custodial sentence. Several factors influenced the decision, including his cooperation and personal circumstances.
The court recognized that the financial benefit was small compared to the damages. However, it also emphasized the need for accountability. Armbrust’s sentence includes full repayment of losses and strict supervision during his probation period.
This case adds to a growing number of cryptojacking incidents tied to former employees with access to cloud infrastructure. It also raises concerns about how companies manage offboarding and access controls.
Digital River has not commented publicly on the outcome but has likely reviewed its internal access protocols in response.
