Former Ubiquiti Employee Gets 6 Years in Prison for $2 Million Crypto Extortion Case
Former Ubiquiti employee once punished to six years in prison after he pleaded guilty to impersonating an anonymous hacker and whistleblower in an attempt to extort nearly $2 million worth of cryptocurrency while working for the company.
Nickolas Sharp, 37, was arrested in December 2021 for using insider access as a senior developer to steal confidential data and sending anonymous emails asking network technology providers to pay 50 bitcoins (about $2 million at the time) in exchange for siphoning information.
Ubiquiti, however, didn’t give up on the ransom attempt and instead circled in on law enforcement, eventually identifying Sharp as the hacker after tracking a VPN connection to a Surfshark account purchased with his PayPal account.
“Sharp repeatedly abused his administrative access to download gigabytes of confidential data from his employer,” the US Department of Justice said, adding he “modified the session file name to make it appear as if another coworker was responsible for his malicious session.”
The Oregon-based defendant, in addition to providing false statements denying knowledge of the extortion scheme, tampered with log retention policies and other session filenames to hide his unauthorized activity on the corporate network.
Sharp, who worked at Ubiquiti from August 2018 to the end of March 2021, plead guilty earlier this February to spread fake news that the company had been hacked by an unknown actor who had gained administrator access to the company’s AWS account.
Learn How to Stop Ransomware with Real-Time Protection
Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.
The trumped-up security breach caused Ubiquiti’s share price to plunge by around 20% in March 2021, causing it to lose more than $4 billion in market capitalization.
In addition to the prison sentence, Sharp was “sentenced to three years of supervised release and ordered to pay damages of $1,590,487 and seize personal property used or intended to be used in connection with this offence.”
