Microsoft Loses Xbox Gift Cards Worth $10 Million in Online Scheme

RJ Pierce, Tech Times 01 July 2021, 02:07 pm

Microsoft is the latest victim of the cryptocurrency bubble if you could believe it.

According to a report by GameSpot, the company just lost a massive $10 million worth of Xbox gift cards due to a scheme perpetrated by one of their employees. All gift cards the said employee generated were sold for boatloads of bitcoin, until he was caught fairly recently.

(Photo : Chesnot/Getty Images)
PARIS, FRANCE - JUNE 16: The logo of the U.S. multinational computer and microcomputer, founded in 1975 by Bill Gates and Paul Allen, Microsoft Corporation on display during the 5th edition of the Viva Technology show at Parc des Expositions Porte de Versailles on June 16, 2021 in Paris, France.

The employee, a Microsoft engineer, named Volodymyr Kvashuk, was able to commit the crime after being assigned to simulate purchases from the company's online store. While working, he noticed that he got real Xbox gift card code whenever he made a simulated purchase. He then had the idea of selling this off, not for cash, but as bitcoins.

To sell the codes, PCGamer reported that Kvashuk went to cryptocurrency marketplaces such as Paxful. There, he would sell the Xbox gift cards in bulk at a discount, which would then be resold to buyers looking for codes.

Initially, the employee started small with $10 Xbox gift cards. He then moved on to denominations as big as $100 while working his shifts, recruiting a few co-workers to help him along the way. He rerouted his internet traffic through offshore servers in Japan and Russia and used a wide array of user-profiles user-profiles to hide his tracks. He also used money laundering websites like ChipMixer to hide the trail further.

But of course, this didn't fly under Microsoft's radar for very long. His activities resulted in a significant spike in gift card transactions. Before he knew it, federal agents were ordered to raid his home in July 2019. Kvashuk was sentenced to nine years in prison, ordered to pay restitution amounting to $8.3 million, and was likely deported to his home country of Ukraine.

Kvashuk's exploits were, as prosecutors would put it, was "singularly responsible" for the massive fluctuation of Xbox gift card pricing in global markets, as reported by WindowsCentral. This wasn't mere petty theft: it's a full-blown heist.

Microsoft Xbox Gift Card Heist: Did their Own Security Fail?

As much as what the employee did was bad enough, Microsoft's internal security might've been quite lacking for Kvashuk to do what he did.

The original report from Bloomberg that broke this story out had other more interesting details. But perhaps the most eye-catching one is that despite Kvashuk's job requiring him to simulate purchases, it still returned actual, working Xbox gift card codes. This is a major loophole in Microsoft's security that should be patched by now. But if it still isn't, then they're at risk of something like this happening again.

It seems like the video game industry has increasingly fallen victim to cyberattacks during the past couple of years. According to experts, there has been an insane 340% increase in gaming-focused cybercrime compared to pre-pandemic numbers, which is more than enough cause for concern.

And since Microsoft has been experiencing massive success with Xbox recently, they can't afford to deal with this down the road.