Cyber Incident Victim: Microsoft
Date:
Nov 2020
Location:
United States of America
Summary
A former Microsoft engineer was sentenced to nine years in prison for stealing $10 million by exploiting his access to digital gift cards and stored value products during platform testing. Initially using his own account for smaller thefts, he escalated to hijacking colleagues’ identities to conceal larger-scale fraud, laundering proceeds through Bitcoin mixing services and transferring millions to personal accounts. The individual falsely reported the illicit funds as legitimate income on tax returns and spent stolen money on luxury assets including a waterfront property and high-end vehicle. Convicted on multiple counts including wire fraud, money laundering, aggravated identity theft, and tax violations, he was ordered to pay over $8 million in restitution. U.S. authorities emphasized that cryptocurrency transactions did not shield the criminal activity from prosecution.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Volodymyr Kvashuk, a Ukrainian citizen and former Microsoft contractor and employee, engaged in a multi-year scheme to steal approximately $10 million from Microsoft between August 2016 and June 2018. As an engineer involved in testing Microsoft’s retail sales platform, Kvashuk exploited his access to digital gift cards and currency stored value (CSV) items. He initially stole smaller amounts totaling up to $12,000 using his own employee account but escalated his thefts to millions of dollars by hijacking the accounts of coworkers. This unauthorized access allowed him to systematically extract digital assets, which he then sold through online channels. To conceal the illicit origin of the funds, Kvashuk utilized a Bitcoin "mixing" service to obscure transaction trails before transferring $2.8 million in cryptocurrency proceeds to his personal bank and savings accounts within a seven-month period. He further attempted to legitimize the stolen funds by filing false tax returns that fraudulently claimed the money originated from a relative.
Kvashuk’s theft was detected and investigated, leading to a February 2020 jury conviction on 18 federal charges, including five counts of wire fraud, six counts of money laundering, two counts of aggravated identity theft, two counts of filing false tax returns, and single counts of mail fraud, access device fraud, and unauthorized computer access for fraud. On November 10, 2020, he received a nine-year prison sentence and was ordered to pay over $8.3 million in restitution. U.S. authorities highlighted his purchase of a $1.6 million lakefront home and a $160,000 Tesla as examples of illicit fund usage. Prosecutors emphasized that his case demonstrated the limitations of cryptocurrency anonymity in concealing criminal activity, with officials stating the sentencing proved Bitcoin could not shield internet-based theft. The conviction addressed violations spanning financial fraud, identity theft, tax evasion, and computer access laws, culminating in one of the most significant insider theft cases prosecuted against a technology employee.