Bloomberg News has an eyebrow-raising story worth checking out today: it’s the tale of convinced Microsoft engineer Volodymyr Kvashuk—a Ukrainian immigrant now facing 10 years in prison and deportation to his home country after stealing $10 million in gift card codes for the company’s digital storefront.
The saga of Kvashuk begins with a trip to America after participating in the 2014 protests that ousted Ukraine’s Russian-backed president—and ends with a 10-year conviction for a crime spree that reads like a violence-lite Grand Theft Auto tale.
After immigrating to America Kvashuk apparently got a job with Microsoft first through a contractor, then as a proper engineer working on the company’s digital storefront.
After a while, he discovered a bug in the company’s testing system that allowed him to use internal testing accounts to “purchase” millions of dollars of gift card codes without paying any money to Microsoft.
The crime worked like this: Kvashuk would use an internal testing account to purchase the strings of codes. These accounts weren’t supposed to be able to complete real purchases—but that restriction was only limited to physical objects. Digital transactions, like gift card codes, could be completed.
From there, Kvashuk would flip the codes on platforms like Paxful, exchanging thousands of codes for cryptocurrencies like Bitcoin. One early transaction saw Kvashuk trade $27,848 of Xbox gift card codes for 1.98 Bitcoin (then worth $17,240).
That would obviously be a loss, if Kvashuk had ever paid for the codes in any capacity. He then used tools like ChipMixer to attempt to cover the tracks of how he acquired his Bitcoin, and would eventually launder the money back into a Wells Fargo checking account.
Kvashuk’s spree went on from there, and began to come to a close when Microsoft noticed a huge spike in gift card transactions without any correlating increase in revenue.
For some developers, this is a cautionary tale of properly developing tools to manage financial transactions. For others, there’s a character study in here of an immigrant who saw the flaws in a system designed to make a few extra cents off gifting purchases.
But buried between the lines is an uncomfortable truth that platforms like Steam and Xbox have been dealing with for several years now—that gift cards, in-app currencies, and other online good exchanges can be a bridge for money laundering and other financial crimes.
It’s partly why the FTC has warnings for gift card fraud, and why Valve has had to stamp down on Counter-Strike: Global Offensive transactions over the past few years.
As Bloomberg notes, gift cards come with a lot of benefits for large corporations when people choose to use them as gifts instead of cash. Through activation fees, forgotten cards, or just changing currency values, they’re a revenue stream that softly works more in their favor than those who purchase them as gifts.
But those soft benefits can quietly work for fraudsters too.