An oversight in accounts wont to test Microsoft's payment systems let one engineer swindle his way into over $10 million after selling Xbox Gift Cards for Bitcoin over two years, a brand new report from Bloomberg revealed in the week .
In order to make sure its payment systems work, Microsoft employs engineers to "simulate" purchases on its stores. But soon after joining the corporate in 2017, Volodymyr Kvashuk discovered that there was a flaw in the accounts used to test purchases. See, these simulated accounts are usually flagged as such by the system, and won't send you physical goods if you tried to shop for , say, a replacement gamepad from its site. But if you tested a sale of Xbox Gift Cards, you'd still receive a totally valid 25-digit code.
Kvashuk could've easily reported this to his bosses. But with unlimited free codes at his fingertips, he chose a special option instead.
At first, Kvashuk generated himself a few of codes—a cheeky $5 or $10 here or there. But there was the chance to form massive, life-changing sums of cash off this exploit. He began cycling through mock profiles belonging to his colleagues to cover his tracks, automating the process with a bespoke piece of software prosecutors would later describe as "created for one purpose, and one purpose only: to automate embezzlement and allow fraud and theft on a huge scale."
After acquiring these codes, Kvashuk would head to crypto marketplaces like Paxful to search out prospective sellers. He'd sell them in bulk at a relative discount, which buyers would then go on to sell to folks who wanted to use the codes. money laundering sites like ChipMixer would let him hide his trail, and therefore the proceeds went towards facilitating an increasingly lavish lifestyle.
As Bloomberg notes, Kvashuk's Microsoft salary was hardly stingy. But it wasn't the type of cash that permit you propose for a seaplane, a yacht, and multiple lavish houses in Maui, California and Mercer Island, among other locations.
Microsoft was eventually clued in to Kvashuk's antics after noticing a pointy spike in gift card transactions, with federal agents eventually raiding his range in July 2019. In court, Kvashuk tried to argue that the mass theft was simply an experiment to extend store spending.
Obviously, it didn't fly. Kvashuk was sentenced to 9 years in prison, likely deported back to his home country of Ukraine, and can be charged restitution of $8.3 million. I'm afraid there's not a present card within the world that'll cover that expense.