Bitcoin Forum
December 12, 2024, 12:28:23 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
Author Topic: BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000!  (Read 11160 times)
mallard
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
September 18, 2015, 06:06:48 PM
 #121

there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.
coinpr0n
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1000



View Profile
September 18, 2015, 06:11:21 PM
 #122

there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.

Debatable...

Quote
The fraudster then sent emails to Bitpay CEO Stephen Pair purporting to be from Krohn, asking Pair to transfer 1,000 bitcoins to a Bitpay customer's "wallet," which he did.

Sounds like it was a customer's funds. They probably just covered the losses.

Gleb Gamow
In memoriam
VIP
Legendary
*
Offline Offline

Activity: 1428
Merit: 1145



View Profile
September 18, 2015, 06:14:35 PM
 #123

there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.

$1.8M of their personal moneys on account or of moneys stemming from VCs? BTW, not bad for the sale of Bitcoin Magazine founded by Matthew Neal Wright, et al.
Mickeyb
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000

Move On !!!!!!


View Profile
September 18, 2015, 06:22:34 PM
 #124

Man what a freaking story. I mean what a hell and how long will this be happening. I agree with all of the comments above that Bitcoin cannot advance in adoption until we don't stop seeing horror stories like this in the newspaper.

I mean what are new people that don't understand Bitcoin get from this then, invest in Bitcoin and simply lose all of it by a simple email hack. For God's sake!!
Sourgummies
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500


Never ending parties are what Im into.


View Profile
September 18, 2015, 06:34:39 PM
 #125

Its really amazing how quick some of these companies rise up to become a serious business only to later show they have little protection from any one that thinks of sniffing around them. Would be nice if there was almost a community that would take a look at some of these new businesses to help them out and show them leaks in any of their ways of business. Would be good for every one but then again the trusted people in charge of that service would also need to be looked at,so goes the never ending loop of protection.
The more you bring in the more you open up to being scammed,the less you bring in the bigger chance you get scammed by a hacker.

Can you win these days? Undecided
Gleb Gamow
In memoriam
VIP
Legendary
*
Offline Offline

Activity: 1428
Merit: 1145



View Profile
September 18, 2015, 08:05:49 PM
Last edit: September 18, 2015, 08:24:35 PM by Gleb Gamow
 #126

Just took a break from doing what I was doing and it took me near two minutes to find the first two 1,000 BTC transactions (finding the 3,000 BTC shouldn't take me longer than that once I finish up with this post). It'll take me longer to post my findings than what it took to find the txs. HAHAHA

http://media.bizj.us/view/img/7016312/bitpay-2.pdf




https://www.walletexplorer.com/txid/587e9733b91d7a54c89517c8ab2b354a7105413f7db4d5a9ab57b19084e4243d



Shown below is the first 1,000 BTC stemming from BitPay: https://www.walletexplorer.com/txid/8524141d9bca1da61e9dfb3966b86def848d299b65878c4cd915627598747f5c



Below is the second 1,000 BTC stemming from Bitstamp, as outlined in the email exchange from the insurance company depicted in the image above: https://www.walletexplorer.com/txid/d400d5054e97363585f7026634544c405cecf38ec9c3d8c81a6fabbf56381b67



Q.E.D.
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
September 18, 2015, 08:15:40 PM
 #127

Man, I feel bad for Tony. He's a good guy and a good businessman.  Sad

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
Gleb Gamow
In memoriam
VIP
Legendary
*
Offline Offline

Activity: 1428
Merit: 1145



View Profile
September 18, 2015, 08:33:49 PM
Last edit: September 18, 2015, 09:00:25 PM by Gleb Gamow
 #128

Yep, just under two minutes after getting a fresh cup of coffee: https://blockchain.info/address/1GGrzbDaYUKF5bDLG9dprG44RtzP7Hv3vi

The two addresses (far left, below) providing the 3,000 BTC are BitPay's cold wallet addreses: https://www.walletexplorer.com/txid/30a32a2cdf4bcec3664d2c4d302c0a41709f60ae920c14c0dc16c6af434a4a5a



Just like the previous 2K, this 3K BTC tx was broken up into 600 BTC (400 BTC lots for the former) on the exact same date.

BTW, that 3,000 BTC stems from the last of several 5,000 BTC txs doled out depicted here: https://www.walletexplorer.com/wallet/00ed29a2496f353a
Gleb Gamow
In memoriam
VIP
Legendary
*
Offline Offline

Activity: 1428
Merit: 1145



View Profile
September 18, 2015, 09:12:27 PM
Last edit: September 18, 2015, 09:29:05 PM by Gleb Gamow
 #129

The following depicts one example of two of the three transactions merging with one another: https://www.walletexplorer.com/wallet/1fef7eb8259a33ad



Notice the date, January 5, 2015. Guess what happened the day before. Give up? This: http://www.coindesk.com/unconfirmed-report-5-million-bitstamp-bitcoin-exchange/

Quote
In the case of Bitstamp, those behind the attack used Skype and email to communicate with employees and attempt to distribute files containing malware by appealing to their personal histories and interests. Bitstamp’s system became compromised after systems administrator Luka Kodric downloaded a file that he believed had been sent by a representative for an organization that was seeking his membership.


"I see patterns!"
Gleb Gamow
In memoriam
VIP
Legendary
*
Offline Offline

Activity: 1428
Merit: 1145



View Profile
September 18, 2015, 09:34:49 PM
 #130

Unless BTC-e.com doesn't keep records, they should be able to shed tremendous light on who's behind the hack(?): https://www.walletexplorer.com/wallet/0786ae596ac30cb6
hikedoon
Full Member
***
Offline Offline

Activity: 143
Merit: 100


View Profile
September 18, 2015, 10:11:21 PM
 #131

I've read this story 3 times today and the amount keeps getting bigger,ffs.
  Correct me if i'm wrong but i read that 5000 BTC were stolen.
 That doesn't equal $2 million at present prices. Huh
Gleb Gamow
In memoriam
VIP
Legendary
*
Offline Offline

Activity: 1428
Merit: 1145



View Profile
September 18, 2015, 10:20:01 PM
 #132

I've read this story 3 times today and the amount keeps getting bigger,ffs.
  Correct me if i'm wrong but i read that 5000 BTC were stolen.
 That doesn't equal $2 million at present prices. Huh

http://www.investing.com/currencies/btc-usd-historical-data

Quote
Dec 12, 2014   346.00   341.49   349.65   340.05   1.32%
Dec 11, 2014   341.49   340.00   356.99   332.51   0.44%

5,000 BTC X $356.99 = $1,784,950 (close enough to $1.8M)


Looks like I'm the first to mention the 1CgVfhL676UMhFuc8jmV3RHAhpi9tyYgwL and 14TSsT8Pf3hQvEFNmZXy7Nn8gXsQL3P5kv bitcoin wallet addresses initially used for the hack(?).
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
September 19, 2015, 03:12:09 AM
 #133

the insurer refused to pay out, saying:

Quote
The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place.


edric
Hero Member
*****
Offline Offline

Activity: 546
Merit: 501



View Profile
September 19, 2015, 03:29:52 AM
 #134

The insurer is arguing the clause...

"The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place."

They are saying that the CFO's computer is a third party and not insured under the agreement.  They say...

"Computer fraud equates to the use of a computer to "fraudulently cause a transfer" and is not the use of a computer somewhere in a transaction that involves fraud, false pretenses or misrepresentations."

Yes, the security was not very good at BitPay and the guy should have known better, but at the same time, the insurance company seems to be making a really flimsy argument.  It's like Bill Clinton and the meaning of "is."

https://www.youtube.com/watch?v=j4XT-l-_3y0

Gleb Gamow
In memoriam
VIP
Legendary
*
Offline Offline

Activity: 1428
Merit: 1145



View Profile
September 19, 2015, 04:26:05 AM
 #135

You do realize that Tony, Stephen and Bryan, all three, communicated via email during the ordeal, never face-to-face, thus at least two, perhaps all three, weren't at BitPay's office there in Atlanta on 12-11/12-12, 2014.
The Sceptical Chymist
Legendary
*
Offline Offline

Activity: 3542
Merit: 7009


Top Crypto Casino


View Profile
September 19, 2015, 04:36:26 AM
 #136

In theory This could also happen to a bank after such a social engineering attack. This has nothing to do with usong bitcoin, except for the anonimity regarding the coins. (bank accounts are easier to trace).

Agree with everybody that sendimg 1000 btc without double checking in anyway is a massive failure and a complete lack of common sense.

I hate that phrase "social engineering".  I much prefer "tard hack".

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Kprawn
Legendary
*
Offline Offline

Activity: 1904
Merit: 1074


View Profile
September 19, 2015, 07:01:29 AM
 #137

Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000  Roll Eyes .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.   Shocked

THE FIRST DECENTRALIZED & PLAYER-OWNED CASINO
.EARNBET..EARN BITCOIN: DIVIDENDS
FOR-LIFETIME & MUCH MORE.
. BET WITH: BTCETHEOSLTCBCHWAXXRPBNB
.JOIN US: GITLABTWITTERTELEGRAM
MicroGuy (OP)
Legendary
*
Offline Offline

Activity: 2506
Merit: 1030


Twitter @realmicroguy


View Profile WWW
September 19, 2015, 02:05:09 PM
 #138

Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000  Roll Eyes .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.   Shocked

I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.
mallard
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
September 19, 2015, 02:24:02 PM
 #139

Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000  Roll Eyes .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.   Shocked

I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.

I thought that you were supposed to make a new address for each transaction

https://en.bitcoin.it/wiki/Address_reuse
MicroGuy (OP)
Legendary
*
Offline Offline

Activity: 2506
Merit: 1030


Twitter @realmicroguy


View Profile WWW
September 19, 2015, 02:28:17 PM
 #140

Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000  Roll Eyes .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.   Shocked

I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.

I thought that you were supposed to make a new address for each transaction

https://en.bitcoin.it/wiki/Address_reuse

Good point! Cheesy



One day I would like to meet the person that wrote that wiki page. lol
Pages: « 1 2 3 4 5 6 [7] 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!