Ex Microsoft employee Volodymyr Kvashuk was arrested this week amid allegations of digital currency theft to the tune of $10 million. U.S. attorneys for the Western District of Washington suspect the Ukrainian-born resident used a Bitcoin mixer to cover up his tracks.
Kvashuk, who was in charge of the companies online sales platform, was entrusted to test customer purchases in a simulated environment. The test environment only blocked physical deliveries, however, and the security team failed to prevent purchases of gift cards.
The talented engineer quickly took advantage of this flaw using company funds to buy Bitcoin-denominated gift cards. He subsequently resold them online to fund an extravagant lifestyle:
The complaint alleges KVASHUK resold the value on the internet, using the proceeds to purchase a $160,000 Tesla vehicle and a $1.6 million dollar lakefront home.
Bitcoin is not fully anonymous, thanks in large part, to widespread reporting on mainstream media. It’s fairly easy to follow the money via a Bitcoin blockchain explorer . That and Know Your Customer (KYC) laws on fiat exchanges makes it a lot harder to commit fraud.
A Bitcoin mixer, also known as a Bitcoin tumbler, is designed to confuse spying eyes. You send your Bitcoin to a third party, it mixes them with a number of other users’ coins and supposedly returns the same amount of now randomized coins.
Deposit your laundered coins in a new wallet address and voilà, you break the link to your online transaction history. That’s all theoretical of course. Authorities have already caught on. Along with the following example of unwanted attention, evidence also suggests that Bitcoin mixers are not very reliable.
It appears that only an idiot would use Bitcoin, in particular, to try and commit large-scale fraud.
Kvashuk reportedly started out stealing gift cards of around $10 000 but greed got the better of the man. Before long he was moving millions of dollars worth of currency stored value (CSV), the release states.
To keep the scam going, the engineer even used test accounts from other employees to simulate multiple pretend purchases. Kvashuk was eventually flagged after Microsoft’s appropriately titled FIST (Fraud Investigation Strike Team) caught a whiff of a large number of CSV purchases for subscriptions to its Xbox gaming service.
The U.S. Secret Service and the IRS’s Cyber Crime Unit are currently investigating the case. Kvashuk is potentially looking down a steep 20-year prison sentence and a $250,000 fine.