Joshua Armbrust mined $5,895 worth of Ethereum using his former employer’s AWS account, but escaped jail with three years of probation.
A former Digital River employee has been ordered to pay more than $45,000 in restitution to his previous employer after unlawfully using the company’s computer systems to mine cryptocurrency.
Joshua Paul Armbrust, 45, was sentenced Tuesday to three years’ probation by U.S. District Judge Jerry Blackwell after pleading guilty in April to computer fraud charges.
Armbrust’s secret mining plan exposed
According to court documents, Armbrust continued he operated Digital River’s assets for more than a year after leaving the Minnetonka-based e-commerce and payment processing company in February 2020. He mined Ethereum using the credentials of the Amazon Web Services (AWS) company, earning him an income of $5,895 while incurring $45,270 in fees for Digital River.
The activity came to light during an internal investigation by Digital River, which suspended operations in January. Reviewers noticed unusual AWS charges and traced the activity to Armbrust’s IP address. This revealed that he had been consistently running mining scripts on company servers between 6:00 PM and 7:00 AM, long after his departure.
Assistant U.S. Attorney Jordan Endicott said it was “not a temporary error of judgment” but a “calculated and covert misuse of corporate computer resources for private enrichment.”
“The defendant’s conduct goes to the heart of digital trust and security in the modern economy. Companies rely on former employees to act ethically, even after separation, and to respect corporate systems and data. Unauthorized access to corporate cloud infrastructure not only causes financial damage, as in this case, but also exposes sensitive systems to potential compromise and opens the door to more serious cyber threats.”
Desperate or calculated?
Defense attorney William Mauzy described Armbrust’s behavior as driven by desperation rather than greed. Mauzy said Armbrust was under severe financial strain as he cared for his terminally ill mother, who has since died. He added that Armbrust did not try to damage systems, conceal his actions and accepted responsibility for losses.
At the time of his indictment in November 2024, Armbrust lived in Orr, Minnesota. He has since moved to St. Paul, where he now works in the insurance industry. Both the prosecution and defense recommended probation under the plea agreement, citing his clean criminal record and cooperation with authorities.
You might also like:
Judge Blackwell noted that Armbrust’s technical talents could have been lawfully applied, pointing out the wasted potential. The outcome underlines the need for companies to secure access to computing resources and prevent long-term misuse by former employees.
Cryptojacking, also known as malicious cryptomining, still remains a critical threat vector. It is a cyber threat where hackers secretly use a computer or mobile device to mine cryptocurrency. Before its shutdown in March 2019, Coinhive was a widely used cryptojacking tool and estimated to be involved in more than two-thirds of all such attacks.
Binance Free $600 (excluding CryptoPotato): Use this link to register a new account and get an exclusive $600 welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a FREE $500 position on any coin!
#Cryptojacking #Scandal #ExDigital #River #Worker #Exploited #Corporate #Systems #Personal #Ethereum #Profits