A software engineer siphoned more than $300,000 from his employer by introducing what prosecutors called a “series of malicious software edits” that wired money into his personal account. If the scheme sounds like the plot of “Office Space,” that’s because the authorities said it was partly inspired by the movie.
It appears the engineer, Ermenildo Valdez Castro, 28, of Tacoma, Wash., did not watch the entire movie: All of the evidence in the workplace comedy was destroyed in an office fire. But Mr. Castro detailed the scheme in a document found on his company laptop, according to the Seattle police.
Mr. Castro, a former software engineer for the e-commerce site Zulily, edited code to divert shipping fees to a personal account and manipulate product prices, stealing about $260,000 in electronic payments and more than $40,000 in merchandise, the police said. He was charged on Dec. 20 with two counts of theft and one count of identify theft and is scheduled to be arraigned on Jan. 26 in King County Superior Court in Seattle, where Zulily is based.
According to a police report, a document found on Mr. Castro’s work laptop referred to the scheme as “OfficeSpace project.” He later told the police that he “named his scheme to steal from Zulily after the movie.”
In the 1999 film, office workers retaliate against corporate downsizing and their terrible bosses by introducing a computer virus into their company’s banking system to embezzle small sums of money. The characters in the film also lifted their scheme from a movie, “Superman III.”
Neither Mr. Castro nor Zulily responded to a request for comment. It was not clear if Mr. Castro had a lawyer.
According to court documents, Mr. Castro stole $110,240 by diverting shipping fees from some customers to an account he controlled on the payment-processing site Stripe. After Zulily began an investigation, Mr. Castro wrote a replacement code that double-charged some customers for shipping and routed an additional $151,645 in fees to his Stripe account, the documents say. Investigators discovered that more than 30,000 transactions totaling around $263,300 were paid into Mr. Castro’s Stripe account between February and June 2022 that were linked to nearly 25,000 different customer email addresses.
Mr. Castro also manipulated the prices of merchandise sold on Zulily, including a sofa bed, and then purchased those items “for pennies-on-the-dollar,” court records show, paying about $250 for nearly 1,300 items collectively worth more than $41,000.
Mr. Castro began working on Zulily’s shopping experience team in 2018 and “had direct involvement in the coding of the customer checkout process,” the police report said. In the spring of 2022, Mr. Castro began “editing Zulily’s software code in ways that allowed him to steal from the company,” according to the report, inserting three types of “malicious code” in the checkout process.
He admitted to the police that he had edited the code, but he said that Zulily knew about it and that “it was part of a testing process,” according to the police report. He also admitted to using the associated Stripe account to divert the shipping fees, and told the police that the money was “gone” and had been invested in the stock market, particularly in GameStop.
In May, Zulily’s fraud team discovered a pattern of steep price adjustments on several products Mr. Castro ordered and had shipped to his home in Tacoma as well as to a female friend whom Mr. Castro later identified as someone he had met on the dating app Tinder. According to the police report, Mr. Castro admitted having placed the orders but said “he had to test an error by sending a large quantity in one order and that he forgot to cancel the items.”
Mr. Castro did not return any of the items that were sent to him, and when the police searched his home, officers found “an exorbitant number of these items,” some of which were still in their original packaging with a shipping label attached. He was put on administrative leave on June 3 and was terminated six days later, the police report said.
Mr. Castro turned in his company laptop after he was fired, which is when Zulily’s cybersecurity team discovered the document labeled “OfficeSpace project.” In it, according to the police report, Mr. Castro wrote that his scheme would “cause production traffic to be routed to Stripe.” The document detailed the coding needed to pull off the scheme, including a note that he would need to “fudge exposure metrics.”
There were also “a number of entries” that indicated that Mr. Castro was preparing to live “off-grid” in the event he was discovered, according to court documents.
Mr. Castro was arrested on July 21 and was held on $999,999 bail. Jail records show he was released two days later.