mallard
|
|
September 18, 2015, 06:06:48 PM |
|
there is no way of knowing that they are robbing the customers
This was their money, not the money of their clients.
|
|
|
|
coinpr0n
|
|
September 18, 2015, 06:11:21 PM |
|
there is no way of knowing that they are robbing the customers
This was their money, not the money of their clients. Debatable... The fraudster then sent emails to Bitpay CEO Stephen Pair purporting to be from Krohn, asking Pair to transfer 1,000 bitcoins to a Bitpay customer's "wallet," which he did. Sounds like it was a customer's funds. They probably just covered the losses.
|
|
|
|
Gleb Gamow
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
September 18, 2015, 06:14:35 PM |
|
there is no way of knowing that they are robbing the customers
This was their money, not the money of their clients. $1.8M of their personal moneys on account or of moneys stemming from VCs? BTW, not bad for the sale of Bitcoin Magazine founded by Matthew Neal Wright, et al.
|
|
|
|
Mickeyb
|
|
September 18, 2015, 06:22:34 PM |
|
Man what a freaking story. I mean what a hell and how long will this be happening. I agree with all of the comments above that Bitcoin cannot advance in adoption until we don't stop seeing horror stories like this in the newspaper.
I mean what are new people that don't understand Bitcoin get from this then, invest in Bitcoin and simply lose all of it by a simple email hack. For God's sake!!
|
|
|
|
Sourgummies
|
|
September 18, 2015, 06:34:39 PM |
|
Its really amazing how quick some of these companies rise up to become a serious business only to later show they have little protection from any one that thinks of sniffing around them. Would be nice if there was almost a community that would take a look at some of these new businesses to help them out and show them leaks in any of their ways of business. Would be good for every one but then again the trusted people in charge of that service would also need to be looked at,so goes the never ending loop of protection. The more you bring in the more you open up to being scammed,the less you bring in the bigger chance you get scammed by a hacker. Can you win these days?
|
|
|
|
Gleb Gamow
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
September 18, 2015, 08:05:49 PM Last edit: September 18, 2015, 08:24:35 PM by Gleb Gamow |
|
|
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1147
The revolution will be monetized!
|
|
September 18, 2015, 08:15:40 PM |
|
Man, I feel bad for Tony. He's a good guy and a good businessman.
|
|
|
|
Gleb Gamow
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
September 18, 2015, 08:33:49 PM Last edit: September 18, 2015, 09:00:25 PM by Gleb Gamow |
|
Yep, just under two minutes after getting a fresh cup of coffee: https://blockchain.info/address/1GGrzbDaYUKF5bDLG9dprG44RtzP7Hv3viThe two addresses (far left, below) providing the 3,000 BTC are BitPay's cold wallet addreses: https://www.walletexplorer.com/txid/30a32a2cdf4bcec3664d2c4d302c0a41709f60ae920c14c0dc16c6af434a4a5aJust like the previous 2K, this 3K BTC tx was broken up into 600 BTC (400 BTC lots for the former) on the exact same date. BTW, that 3,000 BTC stems from the last of several 5,000 BTC txs doled out depicted here: https://www.walletexplorer.com/wallet/00ed29a2496f353a
|
|
|
|
Gleb Gamow
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
September 18, 2015, 09:12:27 PM Last edit: September 18, 2015, 09:29:05 PM by Gleb Gamow |
|
The following depicts one example of two of the three transactions merging with one another: https://www.walletexplorer.com/wallet/1fef7eb8259a33adNotice the date, January 5, 2015. Guess what happened the day before. Give up? This: http://www.coindesk.com/unconfirmed-report-5-million-bitstamp-bitcoin-exchange/In the case of Bitstamp, those behind the attack used Skype and email to communicate with employees and attempt to distribute files containing malware by appealing to their personal histories and interests. Bitstamp’s system became compromised after systems administrator Luka Kodric downloaded a file that he believed had been sent by a representative for an organization that was seeking his membership. "I see patterns!"
|
|
|
|
|
hikedoon
|
|
September 18, 2015, 10:11:21 PM |
|
I've read this story 3 times today and the amount keeps getting bigger,ffs. Correct me if i'm wrong but i read that 5000 BTC were stolen. That doesn't equal $2 million at present prices.
|
|
|
|
|
adamstgBit
Legendary
Offline
Activity: 1904
Merit: 1037
Trusted Bitcoiner
|
|
September 19, 2015, 03:12:09 AM |
|
the insurer refused to pay out, saying: The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place.
|
|
|
|
edric
|
|
September 19, 2015, 03:29:52 AM |
|
The insurer is arguing the clause... "The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place." They are saying that the CFO's computer is a third party and not insured under the agreement. They say... "Computer fraud equates to the use of a computer to "fraudulently cause a transfer" and is not the use of a computer somewhere in a transaction that involves fraud, false pretenses or misrepresentations." Yes, the security was not very good at BitPay and the guy should have known better, but at the same time, the insurance company seems to be making a really flimsy argument. It's like Bill Clinton and the meaning of "is." https://www.youtube.com/watch?v=j4XT-l-_3y0
|
|
|
|
Gleb Gamow
In memoriam
VIP
Legendary
Offline
Activity: 1428
Merit: 1145
|
|
September 19, 2015, 04:26:05 AM |
|
You do realize that Tony, Stephen and Bryan, all three, communicated via email during the ordeal, never face-to-face, thus at least two, perhaps all three, weren't at BitPay's office there in Atlanta on 12-11/12-12, 2014.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3542
Merit: 7009
Top Crypto Casino
|
|
September 19, 2015, 04:36:26 AM |
|
In theory This could also happen to a bank after such a social engineering attack. This has nothing to do with usong bitcoin, except for the anonimity regarding the coins. (bank accounts are easier to trace).
Agree with everybody that sendimg 1000 btc without double checking in anyway is a massive failure and a complete lack of common sense.
I hate that phrase "social engineering". I much prefer "tard hack".
|
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1074
|
|
September 19, 2015, 07:01:29 AM |
|
Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree. It was just too easy for these guys to "hack" $ 2 000 000 .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this. I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.
|
|
|
|
MicroGuy (OP)
Legendary
Offline
Activity: 2506
Merit: 1030
Twitter @realmicroguy
|
|
September 19, 2015, 02:05:09 PM |
|
Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree. It was just too easy for these guys to "hack" $ 2 000 000 .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this. I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags. I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.
|
|
|
|
mallard
|
|
September 19, 2015, 02:24:02 PM |
|
Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree. It was just too easy for these guys to "hack" $ 2 000 000 .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this. I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags. I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone. I thought that you were supposed to make a new address for each transaction https://en.bitcoin.it/wiki/Address_reuse
|
|
|
|
MicroGuy (OP)
Legendary
Offline
Activity: 2506
Merit: 1030
Twitter @realmicroguy
|
|
September 19, 2015, 02:28:17 PM |
|
Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree. It was just too easy for these guys to "hack" $ 2 000 000 .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this. I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags. I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone. I thought that you were supposed to make a new address for each transaction https://en.bitcoin.it/wiki/Address_reuseGood point! One day I would like to meet the person that wrote that wiki page. lol
|
|
|
|
|