tl;dr
A former Digital River employee faced $45K in penalties and probation for secretly using company AWS resources to mine Ethereum, highlighting risks of cryptojacking and corporate cybersecurity vulnerabilities.
**Former Digital River Employee Sentenced for Unauthorized Crypto Mining, Ordered to Pay $45K**
A former employee of Digital River, a Minnetonka-based e-commerce and payment processing company, has been ordered to pay over $45,000 in damages and received three years of probation after unlawfully using the firm’s computing resources to mine cryptocurrency. Joshua Paul Armbrust, 45, pleaded guilty in April to a felony computer fraud charge and was sentenced by U.S. District Judge Jerry Blackwell on Tuesday.
According to court documents, Armbrust exploited Digital River’s Amazon Web Services (AWS) credentials to mine Ethereum for more than a year after he left the company in February 2020. Despite his departure, he continued running mining scripts on the firm’s servers between 6 p.m. and 7 a.m., avoiding detection for months. The scheme generated $5,895 in illicit earnings for Armbrust but cost Digital River $45,270 in unauthorized cloud expenses.
The breach was uncovered during an internal investigation by Digital River, which had shut down operations in January 2024. Investigators noticed suspicious AWS fees and traced the activity to Armbrust’s IP address. The company’s review revealed the prolonged misuse of its infrastructure, prompting a criminal indictment.
Assistant U.S. Attorney Jordan Endicott described Armbrust’s actions as a “calculated and covert misuse of enterprise-level computing resources for private enrichment.” He emphasized the broader implications, stating that such behavior undermines digital trust and exposes companies to cybersecurity risks. “Unauthorized access to corporate cloud infrastructure not only creates financial harm but also opens the door to more severe cyber threats,” Endicott said.
Armbrust’s defense attorney, William Mauzy, argued that the former employee acted out of desperation rather than greed. Mauzy highlighted that Armbrust was caring for his terminally ill mother at the time and had no intent to damage systems or hide his actions. He noted Armbrust’s cooperation with authorities and clean record, which led to a plea deal recommending probation.
Judge Blackwell acknowledged Armbrust’s technical skills but criticized the misuse of his talents. “His conduct wasted potential and underscores the need for companies to secure access to computing resources,” the judge remarked.
The case highlights the persistent threat of cryptojacking, a cybercrime where hackers secretly use devices to mine cryptocurrency. Tools like Coinhive, which was linked to over two-thirds of cryptojacking attacks before its shutdown in 2019, exemplify the risks posed by such activities.
Armbrust, who was living in Orr, Minnesota, at the time of his indictment in November 2024, now resides in St. Paul and works in the insurance sector. The case serves as a cautionary tale for businesses to tighten cybersecurity measures and for employees to adhere to ethical boundaries, even after leaving an organization.