BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000!

[Come-from-Beyond]

well there goes this year's profit margin

How much did they earn? Order of magnitude is enough.

[Q7]

Although I'm not a law expert but looking at how they handle the bitcoin transfer using only email and without having any proper verification and approval process, most likely they will lose the case. Insurance don't cover for careless mistakes and loopholes

[adamstgBit]

well there goes this year's profit margin

How much did they earn? Order of magnitude is enough.

a guess would be ~0.8% of their volume.

i think its about 1million a day?

so ~2.848million a year

there costs must be in the 0.5 million to 1 million a year

massively guessing here.

[uxgpf]

Yes, that is a social engineering attack, not a hack.

E-mail is not secure, everyone knows it. You should always verify important matters over some more secure medium, preferably multiple ones. Even a phone call would have been enough to prevent this.

[johnyj]

"Immediately after clicking on the Google doc link, Mr Krohn enters his authenticating information as prompted in order to access the purported Google docs and receives an error message," the letter states. "[Krohn] believes his private information was stolen at that time and that his response provided access to his email to the fraudster."

I guess he was using gmail account to access google docs? A gmail account as corporate account???

Do not open any google doc  

[Betwrong]

So these people have no telephones to confirm these types of transactions? Everyone know email is the easiest platform to hack. How can they simply trust a email to transfer $2 000 0000 worth of Bitcoin?

Exactly! Actually I think they are involved. I mean some ppl from Bitpay Inc. are accomplices to the "Unknown".

[leipebarry]

That is good news for Bitcoin 
More media attention 
To the haters 

[Q7]

Another thing that crossed my mind was I wonder what would happen to those people who hold an account or invested there. Would they be able to withdrawal their coins now that the company is having issue. Hope not another mt gox saga.

[unamis76]

How can be someone this stupid? No GPG confirmation? No phone confirmation? Nothing? Jesus.

Makes it look like it's frequent to move all these funds just like someone changes shirt without requiring any of the security measures you mentioned... I guess we all expected more from BitPay

[johnyj]

So these people have no telephones to confirm these types of transactions? Everyone know email is the easiest platform to hack. How can they simply trust a email to transfer $2 000 0000 worth of Bitcoin? I hope a full investigation will be launched and some people will get fired for this.

Not necessarily

If Bitpay is selling 1k to 2k bitcoins to SecondMarket frequently on a weekly basis, the most convenient and traceable way is to use email contact. However Bitpay does not require SecondMarket to pay before the transaction, this gave the hacker a chance to attack

In traditional finance system, this attack does not work, since the receiving account must follow the AML KYC measure and the transaction will be reversed by banks following a dispute and court decision. But bitcoin is different, so it is important to double check before sending out bitcoin transactions

This incident also give us a glance of the size of the transaction that is happening in Bitpay: Anything below 2000 is considered as normal

[kokojie]

What kind of fucking retard CFO inputs his email credentials on a 3rd party website, this should be common sense if he only started used Internet for a month. No fucking legit website is going to ask you to input your fucking email credentials.

I don't really blame the CEO on this, since how the fuck would he know his CFO is a fucking retard without common sense.

[ajareselde]

This is clearly mostly bitpay fault due to incompetence. I am not surprised the insurer is refusing to pay, i am confident they wont have to after the trial either.
It's funny how such high amounts of funds go stolen due to such a stupid mistake.

[RGBKey]

This is crazy and not good news, BitPay is what enabled a lot of companies to accept bitcoin and we can't lose them.

[gharding]

Where else can you rip off a couple million with three emails?s

Are you kidding?  2 million is nothing when you compare it with the fraudulent emails initiating many millions more in wire transfers.  

Just a couple from a very quick google search:

http://fortune.com/2015/08/10/ubiquiti-networks-email-scam-40-million/

August 10, 2015
Fraudsters duped this company into handing over $40 million.
A swindler fakes emails from senior managers at the target company and requests (fraudulent) wire transfers.

http://www.securityweek.com/email-scam-nets-214-million-14-months-fbi

January 22, 2015
Email Scam Nets $214 Million in 14 Months: FBI

[MF Doom]

This is clearly mostly bitpay fault due to incompetence. I am not surprised the insurer is refusing to pay, i am confident they wont have to after the trial either.
It's funny how such high amounts of funds go stolen due to such a stupid mistake.

I agree, a LOT of incompetence in these btc companies.  Seems to be the case with amagi metals, which the ceo went around saying they'll be fully btc, not fiat in the next couple years, well they couldnt even make it 6 months and now they are closed.

But, if they DO make it trhough this, I for one will not be using their site.  this to me is a HUGE warning sign, and a red flag that says "pull your funds out of here now!"

[RawDog]

I don't really blame the CEO on this, since how the fuck would he know his CFO is a fucking retard without common sense.

It is absolutely the highest most important task for a CEO to know whether his CFO is a fucking retard without common sense - that's how.  If the CEO does just one thing in his entire career and nothing else at all, he has to know whether the CFO is an idiot.  TOTAL FAIL

[coinpr0n]

https://blog.bitpay.com/last-years-theft/

On September 15, 2015, BitPay filed suit against its insurer, Massachusetts Bay Insurance Company (“MBIC”) to recover amounts owed under a commercial crime policy issued by MBIC to BitPay as well as penalties for MBIC’s bad faith denial of the amounts owed to BitPay under the policy.

BitPay cannot discuss the pending litigation other than to say the amounts owed relate to a theft incident which occurred in December of 2014, nearly one year ago. This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time. Additionally, advances in bitcoin cybersecurity over the last year allow BitPay to further protect funds and better serve merchants and bitcoin users.

Stephen Pair,
CEO, BitPay

[jubalix]

so there is 2 mill $ less of BTC than previously thought around.....looks like less supply available.

[Guido]

I don't really blame the CEO on this, since how the fuck would he know his CFO is a fucking retard without common sense.

It is absolutely the highest most important task for a CEO to know whether his CFO is a fucking retard without common sense - that's how.  If the CEO does just one thing in his entire career and nothing else at all, he has to know whether the CFO is an idiot.  TOTAL FAIL

agreed

CFO is a complete tard

just goes to show, particularly in crypto, anyone can give themselves any title they want

'chief science officer' 'president' lol etc.

[amiryaqot]

https://blog.bitpay.com/last-years-theft/

On September 15, 2015, BitPay filed suit against its insurer, Massachusetts Bay Insurance Company (“MBIC”) to recover amounts owed under a commercial crime policy issued by MBIC to BitPay as well as penalties for MBIC’s bad faith denial of the amounts owed to BitPay under the policy.

BitPay cannot discuss the pending litigation other than to say the amounts owed relate to a theft incident which occurred in December of 2014, nearly one year ago. This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time. Additionally, advances in bitcoin cybersecurity over the last year allow BitPay to further protect funds and better serve merchants and bitcoin users.

Stephen Pair,
CEO, BitPay

So that incident was happened almost 10 months ago in December 2014 not recently that hack, it doesn't leave any bad impact on bitcoin price as the title looking it happened today.