A former IT professional from Minnesota’s Northland region has been sentenced to federal prison for secretly installing cryptocurrency mining software on his employer’s servers—a practice known as “cryptojacking” that has become increasingly concerning in corporate environments.
The 39-year-old man received a 16-month prison sentence after pleading guilty to unauthorized access to protected computers. His scheme, which ran for nearly a year, caused an estimated $576,000 in damages to his employer through excessive electricity consumption and computing resources.
During my recent conversations with cybersecurity experts at the RSA Conference in San Francisco, many identified cryptojacking as a growing threat that often flies under the radar. Unlike ransomware attacks that announce themselves by locking systems, cryptojacking silently drains resources while generating digital currency for attackers.
“This case exemplifies how trusted insiders can exploit their technical access,” explained Marcus Fowler, CEO of Darktrace Federal, when I asked him about the rising trend. “Organizations often focus on external threats while overlooking the potential damage from those who already have legitimate access to their systems.”
According to court documents, the defendant installed specialized mining software on multiple company servers between October 2021 and August 2022. The cryptocurrency mining operations caused noticeable system slowdowns and triggered numerous IT tickets, eventually leading to an internal investigation that uncovered the unauthorized software.
The case highlights how cryptocurrency mining operations consume extraordinary amounts of computing power and electricity. The Cambridge Bitcoin Electricity Consumption Index estimates that global Bitcoin mining alone uses more electricity annually than many medium-sized countries.
What makes this case particularly troubling is the defendant’s position of trust. As a systems administrator, he had legitimate access to critical infrastructure but exploited it for personal gain. Court records indicate he mined approximately $30,000 in cryptocurrency before being discovered—a sum dwarfed by the damage caused to his employer.
“The disparity between what criminals gain and the damage they cause is typical in cryptojacking cases,” noted Nicole Perlroth, cybersecurity journalist and author, during a panel I moderated last month. “Companies often face costs ten to twenty times higher than whatever profit the attacker makes.”
Beyond the immediate financial impact, the incident exposed the organization to additional security risks. The mining software created potential backdoors and vulnerabilities that could have been exploited by external threat actors.
Federal prosecutors emphasized the deterrent value of the sentence. “Trusted employees who abuse their access for personal gain should understand there are serious consequences,” the U.S. Attorney stated following the sentencing.
The rise in cryptojacking parallels the growing value and prominence of cryptocurrencies. While Bitcoin remains the most recognized digital currency, attackers often mine alternatives like Monero that offer greater anonymity and can be mined efficiently using standard computer hardware.
For organizations, defending against cryptojacking requires a multi-layered approach. Network monitoring tools can identify unusual patterns of server activity or unexpected spikes in processing power. Regular security audits should include checks for unauthorized software, particularly on critical infrastructure.
“Prevention starts with the principle of least privilege,” cybersecurity consultant Eva Chen told me at last week’s Black Hat briefings. “No employee should have more access than necessary to perform their job, and all privileged actions should be logged and monitored.”
Companies should also implement robust change management protocols that flag unauthorized software installations, especially on production servers where such activities could impact business operations.
The Minnesota case serves as a reminder that while spectacular ransomware attacks dominate headlines, quieter threats like cryptojacking can cause substantial damage over time. As cryptocurrency values fluctuate but generally trend upward, the incentive for such schemes is likely to persist.
For the thousands of organizations with complex IT infrastructure, the message is clear: trust is essential, but verification and monitoring are critical safeguards against insider threats. Without them, the servers powering legitimate business operations might be secretly working overtime to line someone else’s digital wallet.
