An employee at payment service Qiwi used company systems to personally mine 500,000 bitcoins, in one of the most audacious corporate scams of its kind to hit the cryptocurrency world.
The Russian-based payments processor announced the incident this week, which took place back in 2011, in a forum with students hosted by CEO Sergey Solonin.
Speaking at the Moscow Communications School, Solonin said the discovery of the employee’s actions first introduced him to the idea of using their payment terminals for mining cryptocurrency.
The employee had hacked the payment terminals to mine for cryptocurrency while they were not in use, in a scam that netted him around $5 million over a matter of months. According to Solonin’s anecdote, this was substantially more than the company was making from deploying the terminals.
“I thought ‘what a crazy stuff,’ we’re struggling to earn 3 cents on those terminals and such a gold mine is actually hidden here.”
The employee was invited to hand over the funds, which were mined through unauthorised use of company resources. The employee left the firm, but Solonin instructed his employees to continue to mine crypto using the same method. Unfortunately, soon after, the mining difficulty increased to a level beyond the capabilities of the Qiwi terminal network.
Qiwi has refused to divulge the employee’s name, although they were able to confirm the story separately through official channels.
While the employee didn’t return the funds to Qiwi in the end, Solonin told local press it was his understanding that the employee lost all of their funds after the collapse of the exchange that was holding them.
The story goes to show the difficulties companies can have in keeping track of high level scams and theft, which rely on substantial technical knowledge to carry out, let alone detect.
Particularly in the case of payment firms like Qiwi, the opportunities for rogue employees to rip off their unsuspecting employers are plentiful.
And until internal resources and expertise catch up with bitcoin and blockchain technology, scams like these will continue to leave tech employers vulnerable.