Microsoft employee sentenced to 20 years in prison for stealing $10M USD from the company

Internal security threats have become a serious problem for technology firms. Ethical hacking specialists report that a former Microsoft software engineer has been convicted of at least 18 crimes after stealing $10 million USD in cryptocurrency from the company.

Volodymyr Kvashuk, 25, is a Ukrainian citizen residing in the US that worked for Microsoft between 2016 and 2018, when he was fired due to this fraud. Kvashuk has been convicted of five electronic fraud charges, six money laundering offences, two counts of aggravated identity theft, two false tax returns and one postal fraud. In addition, a charge for improper access to electronic devices and access to protected computer equipment was included.

The defendant was allegedly involved in Microsoft’s retail testing platform. Taking advantage of his position, he misused this access to extract the company’s virtual assets through a complex scheme involving the use of digital gift cards, ethical hacking specialists mention.

Kvashuk subsequently resold these cards on the Internet using cryptocurrency transactions. At first the defendant carried out operations for small numbers, although he eventually upped the ante, eventually stealing millions of dollars. According to court reports, the defendant bought a vacation home worth more than $1 million USD, plus a $160k USD Tesla car.

As the stolen amounts grew more and more, Kvashuk began using the test email accounts associated with other employees, trying to cover their tracks. In addition, the defendant used a cryptocurrency “mixing” service to make it difficult to detect their transactions.

The defendant remained active for more than seven months, filing forged tax returns to prove his unusual income to US tax authorities.  

Finally, ethical hacking specialists mentioned that Kvashuk’s fraudulent scheme was discovered and dismantled by the IRS-CI Cybercrime Unit. Thanks to the investigation of this Unit, Kvashuk was arrested and prosecuted; after deliberating for more than five hours, the jury found him guilty, the International Cyber Security Institute (IICS) says.