Buying video games for many has become a game of copying a long code from one place to redeem it in another, and that very act was apparently part of an elaborate heist worth millions in Microsoft Xbox currency.
The story of Volodymyr Kvashuk’s scam quickly went viral this week thanks to a large Bloomberg piece about the scheme and its aftermath. The entire Bloomberg piece is fascinating, and details the sprawling tale of an immigrant who got a job at Microsoft as an engineer testing out flaws in the company’s online website. But he then stumbled into a loophole with digital gift cards that turned into one of the biggest online scams in recent memory.
Then Kvashuk found a bug that would change his life, a flaw so stupidly obvious that he couldn’t bring himself to report it to his managers. He noticed that whenever he tested purchases of gift cards, the Microsoft Store dispensed real 5×5 codes. It dawned on him: He could generate virtually unlimited codes, all for free. A former senior engineer on Kvashuk’s team—who, like other sources in this story, spoke on the condition of anonymity to avoid being publicly associated with the wrongdoing that followed—says this was the Halo-age equivalent of a frontier bank leaving its vault unlocked. “Sooner or later, someone’s going to try to get away with taking $20,” the ex-Microsoft employee says. “When they don’t get caught, they figure, ‘All I need is six guys to empty out the safe one night when no other employees are around.’ ”
According to the story, they did, indeed, empty out that safe to the tune of more than 152,000 Xbox gift cards worth $10.1 million. In the end, the scam landed Kvashuk in jail. But before that, he quite literally controlled the market for online Xbox codes.
At one point, Kvashuk, who didn’t respond to repeated requests for comment, was flipping so many 5×5 codes that prosecutors said he was singularly responsible for global fluctuations in the price of Xbox gift cards on reseller markets. When prices dropped too low, he’d withhold his supply in the hope the drought would push the market upward. “This was an old-school crime with a high-tech MO,” says Michael Dion, the lead attorney in the government’s criminal case against Kvashuk.
The how and why, as well as his background and coming to America story, is certainly worth the read here. There are automated programs, secondary markets and very lucrative loopholes to exploit. Not to mention how Kvashuk was tracked down and found out. But the lesson here is that those codes you probably hate entering are extremely lucrative. And buying one from a shady source almost certainly has a very strange story attached to it.
[via Bloomberg]