Capital One Hacker Used Stolen Computing Power to Mine Crypto

Capital One hacker Paige Thompson had been using stolen computing power to mine cryptocurrencies, a federal grand jury indictment revealed.

AccessTimeIconAug 30, 2019 at 7:00 a.m. UTC
Updated Aug 18, 2021 at 12:36 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

A federal grand jury indictment of a former Amazon software engineer accused of breaching Capital One’s data servers reveals instances of crypto-jacking at the heart of her scheme.

Between March and July 2019, Paige Thompson accessed at least 30 institutions’ servers managed by an unnamed cloud computing company, compromising at least 100 million customer accounts, according to a release published Wednesday. While there is no indication Thompson attempted to sell this information, she did use stolen computing power to mine cryptocurrencies.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • According to the indictment, Thompson scanned for and misconfigured vulnerable web firewalls to gain access to rented cloud servers. She would duplicate sensitive “buckets of data” onto her own server kept at home, and cover her tracks using the anonymizing TOR browser.

    “The object also was to use the access to the customers’ servers in other ways for [her] own benefit, including by using those servers for cryptojacking,” wrote prosecuting attorneys Steven Masada and Andrew Friedman.

    Thompson reportedly spoke about her fraud over Slack and Twitter DMs. At one point, Thompson, under an alleged pseudonym, posted messages referring to cryptojacking over a Slack channel.

    “I’ll be employed again soon and if I had a partner I could have them take over my cryptojacking enterprise and be a stay at home," one such message read, according to a report by Forbes staffer Thomas Brewster.

    Another Slack message read: “For some reason i lost a whole fleet of miners all at the same time, so i think someone is onto me.”

    Law enforcement became aware of Thompson’s activity after she shared information on GitHub relating to her theft of information from Capital One’s rented servers. The indictment also cites three unnamed victims including a state agency, a telecommunications conglomerate outside the U.S. and a public research university.

    She faces up to 25 years in prison if found guilty of the charges, which include two counts of wire fraud and computer fraud. Additionally, Thompson is asked to forfeit her ill-gotten gains, or equivalent assets if inaccessible or untraceable.

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.