Microsoft Employee Steals over $10 million from Company

Microsoft sign on building

A Microsoft employee originating from Ukraine stole over $10 million from Microsoft. Volodymyr Kvashuk was employed by Microsoft to test their online retail sales platform. He used test accounts to steal Microsoft Currency Stored Value (CSV) mainly in the form of digital gift cards. Kyashuk has been sentenced to nine years in prison.

The Scheme to Defraud

Volodymyr Kvashuk worked at Microsoft from 2016 to 2018 as a tester. His role was to test Microsoft’s online retail sales platform by placing test online orders to ensure the platform functioned correctly.

The platform automatically prevents test online orders from being delivered to the testers. However, Kyashuk discovered that if he made test purchases of CSV, the platform did not block its delivery to testers. Thus, the 26-year-old then stole Microsoft CSV and used it to buy products online.

Initially, between April and October 2017, Kyashuk made relatively small purchases, for a total value of approximately $12,000. For example, he used stolen CSV to buy an Office subscription and a couple of computer graphics cards. However, when he didn’t get caught, he became more daring. Between November 2017 and March 2018, Kyashuk then stole over $10 million worth of Microsoft CSV. He resold this CSV to purchase a $1.6 million lakefront home and a $160,000 Tesla car.

Employee Attempts to Cover Tracks

To cover his tracks, Kyashuk sold the stolen CSV online for Bitcoin with which he opened a Coinbase account. He then cashed his Bitcoin using Coinbase’s cryptocurrency exchange. However, before cashing out the Bitcoins he put them through a cryptocurrency mixing service to try and conceal their origin. The service, aka a cryptocurrency tumbler, mixes tainted cryptocurrency with others to mask the trail back to their source. Tumblers were introduced to improve the anonymity of cryptocurrencies since these currencies hold public ledgers of all transactions.

Furthermore, although Kyashuk first stole CSV using his own test account, he later used colleagues test accounts instead. He did this to coverup the digital evidence, so the thefts and internet sales couldn’t be traced back to him. He was able to find colleagues test account credentials quite easily as these were stored in a shared online document.

Kyashuk also used VPN services in an attempt to cover his tracks. However, he made a couple of crucial errors. He sometimes used the same VPN accounts when he stole using his own test account and his colleagues test accounts. Consequently, investigators were able to link him to the colleagues’ test accounts.

Investigators also found a clear correlation between the amounts Kyashuk received in his Coinbase account and the value of the stolen CSV amounts. “The value of the bitcoin deposits to Kvashuk’s Coinbase account generally correlated with the value of the purchased and redeemed CSV,” the court documents state.

The Sentence

A Department of Justice (DoJ) press release published earlier this week states that Kyashuk was convicted on several counts in February 2020. He was “convicted by a jury of five counts of wire fraud, six counts of money laundering, two counts of aggravated identity theft, two counts of filing false tax returns, and one count each of mail fraud, access device fraud, and access to a protected computer in furtherance of fraud.”

Then earlier this week, Kyashuk was sentenced in the US District Court of Seattle to nine years imprisonment. He was also ordered to pay over $8.3 million in damages and is looking at deportation following his prison term.

No Sign of Remorse

The DoJ press release also states that Kyashuk showed no remorse for his fraudulent actions and showed a flagrant disregard for the law. “Rather than taking responsibility, he testified and told a series of outrageous lies. There is no sign that Kvashuk feels any remorse or regret for his crimes,” quotes the press release.

Even worse was the fact that Kyashuk tried to frame colleagues for the fraud by using their test accounts. These test accounts were used to buy the largest share of the stolen CSV. “Stealing from your employer is bad enough, but stealing and making it appear that your colleagues are to blame widens the damage beyond dollars and cents,” US attorney Brian Moran said in the DoJ press release.

Information technology expert
Grace is an information technology expert who joined the VPNoverview team in 2019, writing cybersecurity and internet privacy-based news articles. Due to her IT background in legal firms, these subjects have always been of great interest to her.