Employee mined bitcoins on Federal Reserve servers for two years

The Federal Reserve Bank is the Central Bank of the United States and issuer of the US Dollar. However, wielding the power to print just one currency may not have been enough for one former employee.

Nicholas Berthaume worked at the Board of Governors of the Federal Reserve as a communications analyst, which gave him access to Fed servers. Berthaume installed bitcoin mining software on at least one server there, and created a backdoor to it so that he could remotely access the mining software from home.

When the Inspector General’s office, (OIG), began investigating the breach of security, Berthaume denied any knowledge of the charges, and remotely deleted the software in an effort to conceal his actions. Forensic analysts from the Federal Reserve System's National Incident Response Team then confirmed his involvement.

Berthaume maintained his bitcoin mining operation on the Fed’s servers without being detected for over two years, from March 2012 through June 2014. On October 31, 2016, Berthaume accepted a plea bargain for one count of unlawful conversion of government property, which is a misdemeanor offense. The former Fed employee was recently sentenced to one year of probation and fined $5,000.

- OIG Inspector General Mark Bialek

Dozens of articles across the FinTech world reported on the event, such as the popular blog about FinTech investments, Dealbreaker. “While it makes you wonder what Berthaume knows about monetary policy that we don’t,” columnist Thornton McEnery pondered, “it also prompts one to wonder at how dangerous it was to have Fed computers hooked up to the notoriously insecure world of Bitcoin trading.” According to the OIG, the Board has implemented “security enhancements as a result of this incident.”

Stealing other people’s computing power and electricity in order to mine bitcoins is hardly restricted to the Fed. Two Venezuelan Bitcoin miners were arrested in March last year, and recently four more were arrested for the same crime. While Bitcoin is legal in Venezuela, using the free, socialized electricity to mine it is illegal as electricity is rationed nationwide and there is no way to pay for your own use. The charge was theft of electricity in both cases.

In early 2016, the first case of bitcoin miners arrested for stealing power in Europe occurred in Rotterdam, when two brothers there were arrested. Another European case opened in May, when six Spanish “mining centers” were raided and the hardware was confiscated. The Spanish authorities charged the conspirators with money laundering, and electricity theft.

A family in the Chinese province of Anhui was convicted of stealing electricity from a neighborhood junction box in December. The authorities claim the theft occurred over a period of six months, and powered 50 mining rigs. The defendants are likely to serve up to ten years if convicted.

However, the most widespread case of illegally mined bitcoin involved a video game company in the United States. In April 2013, an engineer at the E-Sports Entertainment Association (esea) placed bitcoin mining software on more than 14,000 unsuspecting customers’ computers, using a Bitcoin mining Trojan. While the perpetrator only made a reported $3,713 in bitcoin before he was caught and fired, a class action lawsuit resulted against the company.