BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000!

[MicroGuy]

Atlanta's Bitpay Inc. got hacked for more than $1.8 million in bitcoins.

According to a lawsuit filed Sept. 15 in federal court in Atlanta, in December 2014, Bryan Krohn, Bitpay's chief financial officer, got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.

Unknown to Krohn or Bitpay, the email sender's computer had been hacked, and the hacker sent the phony email that directed Krohn to a website controlled by the hacker, where Krohn provided the credentials for his Bitpay corporate email account, according to the lawsuit.

"After capturing Mr. Krohn's Bitpay credentials, the hacker used that information to hack into Mr. Krohn's Bitpay email account to fraudulently cause a transfer of bitcoin" valued at $1,850,000, the lawsuit says.

According to court documents, the transfer was a total of 5,000 bitcoins in three separate transactions.

The fraudster got access to Krohn's email, allowing the fraudster to review Krohn's communications "to learn specific details about how Bitpay transacted business," according to the lawsuit. The fraudster then sent emails to Bitpay CEO Stephen Pair purporting to be from Krohn, asking Pair to transfer 1,000 bitcoins to a Bitpay customer's "wallet," which he did.

A short time later the CEO received a second email requesting the transfer of another 1,000 bitcoins, which he did.

The next day, the imposter sent another email to the CEO asking him to send an additional 3000 bitcoins to the customer. The CEO emailed Krohn to confirm the request, and the imposter sent back an email saying the transfer was valid. The CEO then sent the bitcoins.

The scam was apparently discovered because the CEO copied Bitpay's real customer on the final email about the transfer of the 3,000 coins, and the customer then replied back that they did not purchase the bitcoins.

Bitpay tried to get its insurer to cover $950,000 of the loss, but in June the insurer declined to pay. Bitpay is now suing the insurer.

To read the complete lawsuit, click here. To see Bitpay's insurance policy, read why its insurer has rejected Bitpay's insurance claim (including a detailed play-by-play of the hack), and read emails about the insurance dispute, click here.

In March, the Technology Association of Georgia recognized Bitpay as one of its Top 40 Innovative Technology Companies in Georgia for 2015.

Full Story: http://www.bizjournals.com/atlanta/news/2015/09/16/atlantas-bitpay-got-hacked-for-1-8-million-in.html

[tommorisonwebdesign]

This reminds me of the Mt. Gox scandal that brought down the price of Bitcoin from $1000 to eventually where it is now. That, plus all of the controversy around BIP 101, I would say the price is going to be low for a while until things cool down.

[Nobitcoin]

Here we go again and people wonder why there isn't more adopters of Bitcoin

[r0ach]

Did anyone else think this story made no sense?  Is this another "woops, someone hacked our cold storage that wasn't connected to the internet".

[Kakmakr]

So these people have no telephones to confirm these types of transactions? Everyone know email is the easiest platform to hack. How can they simply trust a email to transfer $2 000 0000 worth of Bitcoin? I hope a full investigation will be launched and some people will get fired for this.

Every time something like this happens, people lose faith in the technology. I will never trust a 3rd party to keep any large amount of my coins. A central organization have many weak links! and they become a easy target for hackers.

[kelsey]

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

[smoothie]

Wow just wow.

Don't you think when sending that much Bitcoin they would triple check that everything is legit before moving forward?

Good lord. How many times do companies need to be hacked before they get their shit together and secure every aspect of their business down?

[smoothie]

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

How do you claim to be insured when it is an obviously internal fuck up?

"Hey I deleted my wallet.dat..... Can you insure the loss please?"

[hedgy73]

What a mess and yet another negative story hits the press about bitcoin .

I don't blame the insurer for disputing the claim either, sounds like incompetence to me.

[killerjoegreece]

Bitpay wow! that surely is a lot of money. i hope they find out who did this and bring him to justice.

[gogxmagog]

Stories like this should BOOST mainstream adoption of btc about 1000%
Where else can you rip off a couple million with three emails? It's stupid-simple. Everybody should be getting in on this crazy train. Lol @ bitpay... Retards

[Amph]

Here we go again and people wonder why there isn't more adopters of Bitcoin

well this isn't bitcoin fault at all, if they can't handle their security well it's only their fault, but as usual they blame bitcoin for everything

[coinpr0n]

Not sure who to side with on this one. Seems like a total screw-up on BitPay's part. Better security systems need to be in place for these kinds of things. Wow.

[Kprawn]

When MtGox did this... they blamed a hacker.... Now it's a hacker again... Seeing any pattern here? It's never the owner or the operator... It's always a unknown external entity. 

Some of these companies add a lot of value and incorporate a lot of genius, but when they fall, we fall with them. I prefer not to use many of these services for that exact reason. I can already see my friends

running over to my house, with the bad news about Bitcoin. The last time, it was " Did you hear... The CEO of Bitcoin was arrested " 

[3888]

The checks and balances BitPay had in place clearly leaves a lot to be desired.

The fact that a company can just make payments valued at close to $2m just on the basis of an email clearly shows that their internal security and systems are not up to scratch.

I've I was the insurer I would also decline to pay.

[Lauda]

Here we go again and people wonder why there isn't more adopters of Bitcoin

This should not be blamed on Bitcoin at all. This was the result of humans making mistakes. Who in the right mind would let the CEO alone initiate a transfer of so many coins?

When MtGox did this... they blamed a hacker.... Now it's a hacker again... Seeing any pattern here? It's never the owner or the operator... It's always a unknown external entity.  

Do you need a tinfoil hat with that?

People need to relax right now and stop panicking. This happened in 2014. Bitpay is okay, they are only suing their insurer because they do not want to cover some of the damages. This is hardly what I would call breaking news. Maybe one day all these companies will learn their lesson (keep only 0.1% outside of a multi-signature cold wallet).

[NorrisK]

In theory This could also happen to a bank after such a social engineering attack. This has nothing to do with usong bitcoin, except for the anonimity regarding the coins. (bank accounts are easier to trace).

Agree with everybody that sendimg 1000 btc without double checking in anyway is a massive failure and a complete lack of common sense.

[HCLivess]

How come I have better security procedures than BitPay 

[LFC_Bitcoin]

Is this confirmed by a better source? If so it's pretty horrific publicity for bitcoin. Gross negligence by Bitpay if true it really is, how can a company be so unprofessional. That is a hell of a lot of money to lose.

No wonder adoption has stalled when shit like this keeps happening.

[Snorek]

Here we go again and people wonder why there isn't more adopters of Bitcoin

This should not be blamed on Bitcoin at all. This was the result of humans making mistakes. Who in the right mind would let the CEO alone initiate a transfer of so many coins?

-snip-

My thoughts exactly. There is almost always human factor and error included in every hacking attempt. It is their own fault they were hacked.
And secondly - there should be some sort of failsafe system to prevent ONE person to have access to all funds.