Community Trust ScoreVerified
A former engineer at e-commerce firm Digital River has been sentenced to three years of probation after pleading guilty to illegally mining cryptocurrency using his former employer’s cloud computing servers. The mining activity reportedly cost the company over $45,000 in AWS fees while earning the engineer just $5,800 in Ethereum.
According to the U.S. Attorney’s Office for the District of Minnesota, Joshua Paul Armbrust, 45, pled guilty to one count of computer fraud earlier this year. U.S. District Judge Jerry Blackwell handed down the sentence on Tuesday, following Armbrust’s admission that he had accessed the company’s Amazon Web Services (AWS) account without authorization to run a crypto-mining operation.
Mining Ethereum Using Employer’s Servers
Court documents revealed that Armbrust, who resigned from Digital River in February 2020, continued accessing the company’s cloud infrastructure between December 2020 and May 2021. During this period, he used AWS instances to mine Ethereum (ETH)—a process requiring extensive computing power and resulting in high cloud service fees.
“Armbrust remotely accessed the company’s Amazon Web Services account on multiple occasions without authorization and utilized AWS computers to mine Ethereum cryptocurrency,” the Department of Justice (DOJ) said in a statement.
The unauthorized mining operation incurred $45,270 in AWS costs, while Armbrust personally gained about $5,800 worth of ETH, which he later converted for his own use.
Defense: “Desperation and Distress” Behind the Crime
Defense attorney William J. Mauzy said that Armbrust’s actions occurred “during a time of extreme financial need and considerable emotional distress.” At the time, Armbrust was reportedly caring for his terminally ill mother, who has since passed away.
Mauzy emphasized that his client was not a malicious hacker, describing him instead as someone “acting out of desperation and despair.” He added that Armbrust made no effort to conceal his activity and took full responsibility for the damages caused.
Despite the defense’s plea for leniency, prosecutors maintained that the engineer’s actions represented a deliberate and repeated misuse of company resources for personal gain, not a momentary lapse in judgment.
Company Impact and Broader Fallout
Digital River reported significant financial losses from the unauthorized mining activity, including inflated AWS costs and operational disruptions. The company has faced a turbulent few years financially, culminating in the insolvency of its German subsidiaries earlier this year.
According to filings at the Cologne Insolvency Court, Digital River’s German units sought protection in January 2025 after losing access to a key revolving credit facility. The company has since closed its Minnesota headquarters and suspended most of its global services.
Armbrust’s actions reportedly took place during overnight hours, between 6 p.m. and 7 a.m., to avoid detection. He redirected the mined Ethereum into a personal wallet, further confirming intentional misuse of company assets.
The Broader Issue: Cryptojacking on the Rise
The Department of Justice referred to Armbrust’s actions as a form of “cryptojacking” — a type of cybercrime in which individuals or groups use someone else’s computing resources to mine digital assets without consent.
Cryptojacking incidents have surged globally in recent years as crypto prices rise. According to the DOJ’s 2024 cybercrime report, such attacks often target enterprise-level servers, cloud infrastructure, and even government networks due to their high computing capabilities.
Armbrust’s case also highlights how proof-of-work mining, which Ethereum relied on before its September 2022 transition to proof-of-stake, demanded immense computing power and electricity — making it costly for individuals to mine legally.
Crypto Crime Trends Continue in 2025
The sentencing comes amid growing scrutiny of crypto-related cybercrimes. In a separate case last week, two MIT-educated brothers faced trial in New York for allegedly stealing $25 million in Ethereum within 12 seconds using a maximal extractable value (MEV) exploit.
Meanwhile, Google’s Threat Intelligence Group recently reported a rise in North Korean hacking operations leveraging blockchain-based malware such as EtherHiding, which hides malicious code in Ethereum and BNB Chain smart contracts.
These incidents underscore the persistent cybersecurity risks associated with blockchain technology and the increasing sophistication of crypto-related exploits.
Final Verdict
Joshua Armbrust’s sentence of three years’ probation reflects a judicial balance between accountability and compassion. While the court recognized his financial struggles and remorse, the sentence also underscores the seriousness of unauthorized use of corporate computing infrastructure.
As the cryptocurrency ecosystem matures, regulators and law enforcement agencies continue to stress that digital asset crimes—no matter the motive—will face real-world legal consequences.
