back to article Ex-Microsoft dev used test account to swipe $10m in tech giant's own store credits, live life of luxury, Feds allege

A former Microsoft software engineer was arrested on Tuesday and charged with mail fraud for allegedly attempting to steal $10m in digital currency from his former employer, US prosecutors said today. Volodymyr Kvashuk, 25, a citizen of Ukraine residing in Renton, Washington, initially worked for Microsoft as a contractor and …

  1. Anonymous Coward
    Anonymous Coward

    I wonder if he'll be able to pay any fines or restitution in bitcoin?

    1. Anonymous Coward
      Anonymous Coward

      Typically they require

      Repayment of the proceeds from all ill gotten gains, and any fines are paid after. Even if you for instance bought $1 million worth of stock that went up to $2 million you have to give up the full $2 million. So goodbye Tesla, goodbye house, and goodbye all bitcoin he may have whether they've gone up or down in value since he bought them.

      1. MJB7

        Re: Typically they require

        And I'm pretty sure the restitution is a heads-you-win, tails-I-lose deal. If the stock went up to $2M he owes $2M; if it fell to $.5M, he owes the original $1M.

        1. MonkeyCee

          Re: Typically they require

          There was a fraudster in NZ who defrauded the government (~20 identites used for benefits) of several million over a couple of decades.

          He'd invested the money in various things, many of which had produced very high returns. Apple stock etc.

          His brief argued that he should only have to pay back the stolen amount plus interest, plus the fines.

          Can't recall what the judge ordered, but he did suggest that the government super fund consider hiring the guy as an investment advisor.

      2. Anonymous Coward
        Anonymous Coward

        Re: Typically they require

        It's only goodbye Bitcoin if they can a) prove he owns a specific set of keys and b) can get those keys off him.

        Unless he was daft and left the keys on a seized laptop, his Bitcoin are quite safe.

        If his OPSEC was good, his Bitcoin are fine.

        1. Doctor Syntax Silver badge

          Re: Typically they require

          "If his OPSEC was good, his Bitcoin are fine."

          If his OPSEC was good he wouldn't have been found out.

        2. Arctic fox
          Headmaster

          @AC Re "If his OPSEC was good, his Bitcoin are fine."

          Oh indeed, if his OPSEC was good his Bitcoins will be fine. However, he won't be when it comes to sentencing because if he fails, upon conviction, to cooperate fully with restitution the judge will throw the sentencing book at him. He will get max, and it will be many a long year before he gets any opportunity to continue to spend his ill-gotten gains.

        3. Anonymous Coward
          Anonymous Coward

          Re: Typically they require

          Any judgements against him for remaining amounts will remain in force, so he can't simply wait until he gets out of jail and then spend the bitcoin. If he starts 'living above his means' he'll be noticed, and back in front of a judge pretty quickly. It is no different than if he'd buried $1 million in cash in some secret place, and bought himself a new car shortly after getting out of prison.

          But your post is further proof that bitcoin is basically only useful for crime.

  2. ridley

    'Merica is a strange place.

    20 years and up to a $250,000 fine. For that amount of time I would expect the potential fine to be in the many millions.

    1. Trixr

      I dunno, think about all those fines and jail terms for those banksters who caused the GFC.

      ...oh, that's right, that's zero, because no-one's been brought to trial.

      1. DCFusor

        That's because the bankers were smart enough to buy law (or repeal of regs) to make their actions legal before the crash. The biggest ones get away.

    2. phuzz Silver badge

      He'd have got less time than that for attacking a person. But in America, corporations are more important than people.

    3. Aristotles slow and dimwitted horse

      Maybe, but he'll never live down the fact that he got FISTed by Microsoft, as opposed to the rest of us poor users that merely get shafted.

    4. jmch Silver badge

      "For that amount of time I would expect the potential fine to be in the many millions"

      The fine would be over and above restitution

    5. Kev18999

      That's the maximum federal fine unless you defrauded the government then there's a different set of fine levied. He will be sued by Microsoft in a civil trial for much greater restitution.

      1. ocflyfish

        "That's the maximum federal fine unless you defrauded the government then there's a different set of fine levied. He will be sued by Microsoft in a civil trial for much greater restitution."

        And don't forget the IRS will be knocking on his door for tax evasion, in addition for penalties/fees for not declaring his illegal income. Yes, he is in quite a pickle.

    6. Anonymous Coward
      Anonymous Coward

      And, not or...

  3. Phil Kingston

    FIST phnarr phnarr

    1. Wokstation

      I'm glad it wasn't just me!

  4. Claverhouse
    Mushroom

    Redmond Delendo Est

    Good luck to him. Rather like a bent Mob accountant succumbing to overwhelming temptation, his sins are venial.

    Not to mention, stealing virtual items of imaginary value, the 'owners' can put their own valuation on such an item --- just like those Asian nuts who trade in virtual game items like swords. You take my imaginary sword and I can claim a loss of £10 or £100,000.

    1. phuzz Silver badge

      Re: Redmond Delendo Est

      You can buy stuff from their store that you can also buy from a physical shop, so it's pretty easy to put a 1:1 valuation on that. eg if you can buy a copy of Halo for M$20 and the RRP in other stores is $20.

      Of course, he probably had to forfeit a big chunk of that value when he laundered it.

  5. BaronMatrix

    Stop stealing from your company

    Wow, so it's still happening... It's not enough to work at MS and ge all the perks PLUS a six figure salary... When I was there in the 2000s, one of the admins on a team I was on stole millions in Server and SQL... It was a real common thing.. A friend gt busted after removing all the "good" HW from his lab machine and replacing it with his own "not-so-good" HW...

    Even worse. he was only there a week or so and they caught him redhanded stealing a POWER STRIP...

    1. Anonymous Coward
      Anonymous Coward

      Re: Stop stealing from your company

      ...one of the admins on a team I was on stole millions in Server and SQL...

      Stealing millions of bytes? We do that a lot on the server.

      /Coat

    2. Snorlax Silver badge

      Re: Stop stealing from your company

      If somebody’s stealing random stuff like computer parts and power strips, they’re probably an impulse control disorder like kleptomania.

      Or they’re building a sweet bitcoin mining rig...

  6. Anonymous Coward
    Anonymous Coward

    Idiot

    You steal the digital virtual goods, nobody cares about that

    The you move back to Ukraine and convert them into real $$$ out of the reach f the US cops, like I did would

    1. Trixr

      Re: Idiot

      It's true that most crims are idiots, because they can't get a gainful income any other way.

      Yep, in his shoes, I would have bought the house or some other asset that can be readily converted to cash, flipped it quicky (assuming a profit), and then calmly resigned and departed back to Ukraine with my ill-gotten gains.

      1. Alan Brown Silver badge

        Re: Idiot

        That was probably his intent.

        Note that the tip off happened elsewhere - lots of xbox purchases happening using CSV, where the trail eventually led back to him - his activities weren't directly detected

  7. Anonymous Coward
    Anonymous Coward

    someone has to say it

    He knows he's been FIST'ed

    1. Psmo
      Headmaster

      Re: someone has to say it

      Somebody already mentioned it.

      You got FIRSTED. (Although what's with the groc'ers apostrophe?)

  8. Flywheel

    Bug Bounty?

    Surely he'd just revealed an (enormous) bug and should therefore be rewarded with a pat on the back and $10K ?

    1. Psmo
      Thumb Up

      Re: Bug Bounty?

      I'm sure they can knock $10k off the $10M+$250k bill as a gesture.

      A one-fingered gesture.

      No not that one.

  9. davcefai

    Privacy

    "Microsoft's online store uses a form of device fingerprinting called a Fuzzy Device ID. Investigators, it's claimed, linked a specific device identifier to accounts associated with Kvashuk."

    So they spy on you even from the store. Isn't this a breach of privacy?

  10. Displacement Activity
    Meh

    He got caught because of "service provider records that point to Kvashuk", and because he used a device with a "specific device identifier"? Seriously? What a plonker.

    And Microsoft pays $116,000 (£93K) for a testing job? WTF? You'd think they could produce some useful software for that sort of money.

    And I'm not quite sure what the problem is with having assets of $1.76M on a salary of $116K. That's a multiplier of 15, which doesn't sound like it's completely out of the question. Unless you're a banker, of course, in which case it's way too low.

    1. Alien8n

      Not out of the question if he'd been working there for most of his life maybe, but since he's only 25 and worked for Microsoft for 2 years, I'm fairly sure that's what flagged him as the culprit.

      It's like the third Superman movie where Richard Pryor's character steals all the fractional transactions and adds them to his own salary. Then turns up to work the next day in a brand new Ferrari.

  11. Snorlax Silver badge
    Thumb Up

    Fraud Investigation Strike Team

    I was going to make a tasteless comment about Volodymyr's prison sex life, but it appears I've been beaten to the punch by several other commentards...

  12. badger31

    Let me get this straight

    Microsoft disabled the purchasing of physical goods but allowed unlimited digital purchases ... including digital cash? Damn. This guy got greedy/stupid, but I bet there's a few worried devs at Microsoft right now that spotted this problem and chose to exploit it a little rather than report it.

  13. Ken Moorhouse Silver badge

    "Microsoft did not anticipate testers would make test purchases of digital currency"

    I wonder what they would make of finding bear poo in the woods.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like