Cryptojacking Scandal: Ex-Digital River Worker Exploited Company Systems for Personal Ethereum Gains

A former Digital River employee has been ordered to pay more than $45,000 back to his previous employer after unlawfully using company computing systems to mine cryptocurrency.

Joshua Paul Armbrust, 45, was sentenced Tuesday to three years’ probation by US District Judge Jerry Blackwell, following his April guilty plea to a felony computer fraud charge.

Armbrust’s Covert Mining Scheme Exposed

According to court filings, Armbrust continued exploiting Digital River’s resources for over a year after leaving the Minnetonka-based e-commerce and payment processing firm in February 2020. He mined Ethereum using the company Amazon Web Services (AWS) credentials, which fetched him an earnings of $5,895 while incurring $45,270 in costs to Digital River.

The activity was uncovered during an internal investigation by Digital River, which shut down operations in January. Reviewers noticed unusual AWS fees and traced the activity to Armbrust’s IP address. This revealed that he had consistently run mining scripts on company servers between 6 p.m. and 7 a.m., long after his departure.

Assistant US Attorney Jordan Endicott said that it was “not a momentary lapse in judgment” but a “calculated and covert misuse of enterprise-level computing resources for private enrichment.”

Desperate or Calculated?

Defense attorney William Mauzy described Armbrust’s conduct as driven by desperation rather than greed. Mauzy said Armbrust faced severe financial pressure while caring for his terminally ill mother, who has since passed. He added that Armbrust did not attempt to damage systems, hide his actions, and accepted responsibility for losses.

At the time of his indictment in November 2024, Armbrust was living in Orr, Minnesota. He has since moved to St. Paul, where he now works in the insurance sector. Both the prosecution and defense recommended a probation sentence under the plea deal, citing his clean record and cooperation with authorities.

Judge Blackwell remarked that Armbrust’s technical talents could have been applied lawfully, pointing to the wasted potential. The outcome underscores the need for companies to secure access to computing resources and prevent long-term misuse by former employees.

Cryptojacking, also called malicious cryptomining, still remains a critical threat vector. It’s a cyber threat where hackers secretly use a computer or mobile device to mine cryptocurrency. Before its shutdown in March 2019, Coinhive was a widely used cryptojacking tool and was estimated to be involved in more than two-thirds of all such attacks.

The post Cryptojacking Scandal: Ex-Digital River Worker Exploited Company Systems for Personal Ethereum Gains appeared first on CryptoPotato.