A former software engineer has been sentenced to three years of probation after illegally using his past employer’s cloud infrastructure to mine cryptocurrency, resulting in significant financial losses for the company.
Joshua Paul Armbrust, 45, formerly employed at the e-commerce firm Digital River, pleaded guilty to computer fraud, a felony offense. The sentencing was handed down by U.S. District Judge Jerry Blackwell in Minnesota, following Armbrust’s admission of guilt in April. Prosecutors detailed that Armbrust, despite having left the company in February 2020, continued to exploit Digital River’s Amazon Web Services (AWS) cloud account for unauthorized crypto mining operations from December 2020 through May 2021.
According to court documents, Armbrust installed a cryptocurrency mining program on the company’s cloud servers, using substantial computing power and electricity at the company’s expense. The unauthorized operation cost Digital River over $45,000 in cloud service fees, while Armbrust personally profited approximately $5,800 in Ethereum during that time.
This type of crime, known as cryptojacking, involves the illicit use of someone else’s computing resources—typically without their knowledge or consent—to generate cryptocurrency. Though often associated with hackers who exploit vulnerabilities in unsecured systems, this case highlights that even trusted insiders can perpetrate such schemes.
Authorities emphasized that the breach was not a one-time lapse but rather a sustained and deliberate misuse of corporate resources. Armbrust remotely accessed the AWS account on multiple occasions, a pattern of behavior that prosecutors described as calculated and deceptive.
Although the financial gain for Armbrust was relatively modest compared to the amount of damage inflicted, the court considered several mitigating factors in determining his sentence. Instead of prison time, the judge imposed a term of probation, which will include regular monitoring and restrictions on his access to certain technologies.
The case underscores the growing risks businesses face when employees retain access to critical infrastructure after their departure. It also raises concerns over the security protocols companies use to manage cloud-based systems and the importance of revoking access credentials promptly when staff members leave.
Legal experts note that while Armbrust avoided incarceration, the felony conviction will have long-term consequences. It may affect his ability to work in the tech industry again, particularly in positions involving access to sensitive systems or data.
Cybersecurity analysts see this case as a wake-up call for organizations to strengthen internal controls. Routine audits of access logs, multi-factor authentication, and rigid offboarding procedures are essential to prevent similar incidents. Companies are encouraged to employ zero-trust security models, where no user is automatically trusted, regardless of their previous role or status.
From a technological standpoint, cloud service providers such as AWS offer detailed usage tracking and anomaly detection tools that can alert administrators to unusual patterns, such as sudden surges in processing power or network usage. Experts argue that better utilization of these tools could help detect cryptojacking attempts earlier.
The rise in popularity of cryptocurrencies has made mining an attractive target for cybercriminals due to its potential for profit and the ability to remain pseudonymous. However, mining requires substantial computing power, making it appealing for bad actors to hijack corporate infrastructure to avoid personal costs.
Cryptojacking not only leads to financial losses but can also degrade the performance of legitimate services, expose companies to regulatory scrutiny, and damage reputations. As the industry evolves, legal frameworks and corporate policies must adapt to address these emerging threats.
In response to the incident, Digital River is reportedly reviewing its internal policies and implementing stronger security measures to prevent future breaches. The company has not disclosed whether it will pursue civil action against Armbrust for restitution.
Armbrust’s case adds to a growing list of insider threats in the tech sector, where the line between authorized access and criminal misconduct can become dangerously blurred. Organizations must balance trust and verification while protecting their digital assets in an increasingly complex security landscape.
As for Armbrust, the probationary sentence may offer an opportunity for rehabilitation, but the mark of a federal felony conviction will follow him indefinitely. The case serves as a cautionary tale to IT professionals about the legal and ethical boundaries of system access—and the consequences of crossing them.