ST. PAUL — A former Northland resident will repay more than $45,000 to his former employer for misusing their computer systems to mine cryptocurrency for personal gain.

Joshua Paul Armbrust, 45, was sentenced Tuesday by U.S. District Judge Jerry Blackwell to three years of probation following his

April guilty plea to a felony count of computer fraud.

Armbrust, according to court documents, continued to use the resources of Digital River, a Minnetonka-based global e-commerce and payment processing company, for more than a year after he resigned in February 2020.

Through the scheme known as “cryptojacking,” he took advantage of the now-defunct company’s computing power to obtain and liquidate $5,895 worth of Ethereum — while forcing Digital River to absorb $45,270 worth of web service fees.

“The defendant’s conduct strikes at the core of digital trust and security in the modern economy,” Assistant U.S. Attorney Bradley Endicott told the court. “Companies rely on former employees to act ethically, even after separation, and to respect corporate systems and data.

“Unauthorized access to corporate cloud infrastructure not only creates financial harm, as in this case, but also exposes sensitive systems to potential compromise and opens the door to more severe cyber threats.”

Armbrust was

living in Orr when he was indicted by a federal grand jury last November.

Records indicate he has since relocated to St. Paul and is working for an insurance company.

Endicott said the scheme came to light only because Digital River, which went out of business in January, conducted an internal investigation and discovered the unauthorized activity, which was then traced back to Armbrust’s IP address.

Defense attorney William Mauzy told the court Armbrust had been given a code to access Amazon Web Services, which hosted programs that Digital River was using to mine cryptocurrency.

After leaving the job, the defendant used that same code to build a program to generate cryptocurrency for himself — leveraging the services between 6 p.m. and 7 a.m. daily, and then transferring the Ethereum into a digital wallet he controlled.

Endicott said it was “not a momentary lapse in judgment” but a “calculated and covert misuse of enterprise-level computing resources for private enrichment.” It “resulted in real monetary losses, investigative costs and operational disruption to a private company.”

“The defendant is clearly a capable and technically skilled individual,” the prosecutor said. “But instead of using those talents for constructive and lawful purposes, he chose to exploit his former employer for personal gain. It is disappointing that someone with this ability used his skills to steal.”

Mauzy, though, noted the scheme occurred “during a time of extreme financial need and considerable emotional distress,” as Armbrust was caring for his mother, who was in deteriorating health and has since died.

The attorney said the evidence clearly shows his client was not a “malicious hacker” who set out to disable his former employer’s computer systems. He made no efforts to cover his tracks and has accepted responsibility for the financial losses.

“Armbrust’s conduct, while criminal, was an act of desperation and despair,” Mauzy wrote, “not a crime of greed.”

The probationary term was expected, as both sides jointly recommended it under the plea agreement. Armbrust has no prior criminal history.

The FBI handled the investigation.

Tom Olsen covers crime and courts and the 8th Congressional District for the Duluth News Tribune since 2013. He is a graduate of the University of Minnesota Duluth and a lifelong resident of the city. Readers can contact Olsen at 218-723-5333 or tolsen@duluthnews.com.