Capital One Hacker Used Stolen Computing Power to Mine Crypto

Capital One hacker Paige Thompson had been using stolen computing power to mine cryptocurrencies, a federal grand jury indictment revealed.

AccessTimeIconAug 30, 2019 at 7:00 a.m. UTC
Updated Sep 13, 2021 at 11:23 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A federal grand jury indictment of a former Amazon software engineer accused of breaching Capital One’s data servers reveals instances of crypto-jacking at the heart of her scheme.

Between March and July 2019, Paige Thompson accessed at least 30 institutions’ servers managed by an unnamed cloud computing company, compromising at least 100 million customer accounts, according to a release published Wednesday. While there is no indication Thompson attempted to sell this information, she did use stolen computing power to mine cryptocurrencies.

According to the indictment, Thompson scanned for and misconfigured vulnerable web firewalls to gain access to rented cloud servers. She would duplicate sensitive “buckets of data” onto her own server kept at home, and cover her tracks using the anonymizing TOR browser.

“The object also was to use the access to the customers’ servers in other ways for [her] own benefit, including by using those servers for cryptojacking,” wrote prosecuting attorneys Steven Masada and Andrew Friedman.

Thompson reportedly spoke about her fraud over Slack and Twitter DMs. At one point, Thompson, under an alleged pseudonym, posted messages referring to cryptojacking over a Slack channel.

“I’ll be employed again soon and if I had a partner I could have them take over my cryptojacking enterprise and be a stay at home," one such message read, according to a report by Forbes staffer Thomas Brewster.

Another Slack message read: “For some reason i lost a whole fleet of miners all at the same time, so i think someone is onto me.”

Law enforcement became aware of Thompson’s activity after she shared information on GitHub relating to her theft of information from Capital One’s rented servers. The indictment also cites three unnamed victims including a state agency, a telecommunications conglomerate outside the U.S. and a public research university.

She faces up to 25 years in prison if found guilty of the charges, which include two counts of wire fraud and computer fraud. Additionally, Thompson is asked to forfeit her ill-gotten gains, or equivalent assets if inaccessible or untraceable.

Capital One image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.