Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto

No prizes for guessing the victims


A Nebraska man will appear in court today to face charges related to allegations that he defrauded cloud service providers of more than $3.5 million in a long-running cryptojacking scheme.

Charles O. Parks III is alleged to have netted himself a sum north of $970,000, the indictment claims, from in or about January 2021 through August of the same year. He is accused of doing so using the high-powered computational resources of two "well-known providers of cloud computing services" referred to only as "Company 1", "Subsidiary 1" (a subsidiary of Company 1), and "Company 2".

These "well-known providers" were said to be based in Seattle and Redmond respectively. Any guesses? One potential clue: Google is based in Mountain View.

Parks was alleged to have created five different accounts with Subsidiary 1 all using a VPN and a variety of names, email addresses, corporate affiliations, and other identifying information. 

These companies included CP3O LLC and, amusingly, since he never became one throughout this scheme, MultiMillionaire LLC.

He allegedly went on to convince the companies to increase the resources to which he had access, requesting powerful instances suitable for cryptomining, and then proceeded to not pay the huge bills he racked up at each company.

Nearly $1 million worth of Ethereum, Litecoin, and Monero was mined and laundered, which in turn used $2.58 million worth of resources at Subsidiary 1 and $969,731 at Company 2.

Tens of thousands of high-powered instances were spun up over the course of the scheme. In two cases, an individual prosecutors allege was Parks started using another account at Subsidiary 1 within a day of his previous one being banned for nonpayment and fraudulent activity.

Using cloud platforms to mine cryptocurrency is legal, but there are serious restrictions. With Azure, for example, you need Microsoft's explicit approval, although this policy came into effect in 2022. At the time the complaint alleges Parks was running his scheme, mining was allowed on Azure, but only on certain subscription types.

Plus, it's generally understood that you can't make a profit since the costs incurred will outweigh the value of the tokens that are mined. So, the only way to make a profit is to mine away, not pay the bill, and run off to a place that won't extradite you back to the US.

The indictment alleges that Parks did not do that, though. He stayed in Omaha, Nebraska, and after allegedly laundering his tokens and turning them into dollars, he spent the money on lavish purchases such as a Mercedes Benz and first-class travel.

The Feds allege he used a variety of platforms to launder the mined tokens, including crypto wallets, crypto exchanges, and NFT marketplaces before turning them into fiat currency and sending them to different bank accounts.

The indictment alleges Parks was aware of US financial reporting requirements, specifically the one that requires financial institutions like crypto exchanges to file a Form 8300 with the Internal Revenue Service when transactions above $10,000 are made.

Various transactions are featured in the court documents [PDF] that show sums of $9,999 leaving crypto exchanges and being sent to wallets the Feds alleged were controlled by Parks all within a matter of minutes.

"Charles Parks, also known as CP3O, allegedly created a cryptojacking scheme to defraud prominent cloud service providers of millions and illegally mine approximately $1 million in cryptocurrency for personal use," said James Smith, assistant director-in-charge at the FBI. 

"Criminals are becoming more adept at manipulating digital tools and hiding behind advanced technology, which often causes significant financial damage to their victims. The FBI is committed to the steadfast pursuit of those who attempt to develop innovative techniques to commit crimes."

Parks was arrested on April 13, 2024, and will make his first appearance in federal court today in Nebraska. He faces a maximum of 20 years in prison for one charge related to wire fraud and money laundering, and 10 years in prison for the remaining unlawful monetary transaction charges.

"This arrest illustrates the power of law enforcement joining forces with the private sector to identify and track down cybercriminals, and to put an end to their sophisticated thievery," stated Edward A. Caban, commissioner at the New York City Police Department (NYPD).

"While the threat landscape in this space is growing in complexity and depth, the NYPD and our federal partners continue to ably confront malicious actors even as they adopt new tactics." ®
