Bitcoin Forum
June 16, 2024, 12:23:12 AM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 [4] 5 6 7 8 9 »  All
  Print  
Author Topic: BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000!  (Read 11101 times)
GriffinHeart
Full Member
***
Offline Offline

Activity: 182
Merit: 100


Hello there!


View Profile
September 17, 2015, 04:52:32 PM
 #61

Hah "Hacked"
Pretty sure the buggers pulled a Mt Gox and ran away with the $1.8 mil.
Who wouldn't want to bugger off with (nearly) two million USD worth of bitcoin?
Sure, morales and the like, that wasn't their money to run away with.
Not to mention that it wasn't even a hack, it was social engineering that burned them to the ground.
Anyway, if it is genuine, isn't there a way to track where all these millions are heading? It's bitcoin, shouldn't the company know their transaction IDS etc?

Hi there, I'm from South Africa.
This means I'm poor, I guess.
S4VV4S
Hero Member
*****
Offline Offline

Activity: 1582
Merit: 502


View Profile
September 17, 2015, 04:53:07 PM
 #62

Did anyone else think this story made no sense?  Is this another "woops, someone hacked our cold storage that wasn't connected to the internet".

I do. If it's true then BitPay has gone bad.

This simply doesn't make sense:
Quote
According to a lawsuit filed Sept. 15 in federal court in Atlanta, in December 2014, Bryan Krohn, Bitpay's chief financial officer, got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.

Unknown to Krohn or Bitpay, the email sender's computer had been hacked, and the hacker sent the phony email that directed Krohn to a website controlled by the hacker, where Krohn provided the credentials for his Bitpay corporate email account, according to the lawsuit.

Why the fuck would the CFO of BitPay insert their email credentials to an unknown website?
And why would the CEO transfer ANY significant amount of Bitcoins to any account when ordered by JUST an email?

 
MicroGuy (OP)
Legendary
*
Offline Offline

Activity: 2506
Merit: 1030


Twitter @realmicroguy


View Profile WWW
September 17, 2015, 05:14:56 PM
 #63

So that incident was happened almost 10 months ago in December 2014 not recently that hack, it doesn't leave any bad impact on bitcoin price as the title looking it happened today.

This news did happen yesterday. The incident might have happened several months ago, but these events were concealed from the public until late yesterday.

And this information never would have seen the light of day had Bitpay decided not to sue the insurance company.
bitgolden
Legendary
*
Offline Offline

Activity: 2842
Merit: 1130


Leading Crypto Sports Betting & Casino Platform


View Profile
September 17, 2015, 05:16:02 PM
 #64

Why this hack came into light after a long time almost 10 month. Huh Huh

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
mallard
Full Member
***
Offline Offline

Activity: 196
Merit: 100


View Profile
September 17, 2015, 05:21:01 PM
 #65

so there is 2 mill $ less of BTC than previously thought around.....looks like less supply available.

The person that stole it is probably going to sell it or use it to buy something.
MicroGuy (OP)
Legendary
*
Offline Offline

Activity: 2506
Merit: 1030


Twitter @realmicroguy


View Profile WWW
September 17, 2015, 05:30:26 PM
 #66

Tony Gallippi and Marcel Roelants of Bitpay.com shared their expertise on RT today. Smiley

https://www.rt.com/shows/keiser-report/315680-episode-max-keiser-811/

Gallippi (Bitpay CEO) mentions how easy it is to send money using Bitcoin. Yeah, you can send millions in a matter of seconds! Cheesy
wxa7115
Hero Member
*****
Offline Offline

Activity: 2758
Merit: 713


View Profile
September 17, 2015, 06:40:02 PM
 #67

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).




Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.
NorrisK
Legendary
*
Offline Offline

Activity: 1946
Merit: 1007



View Profile
September 17, 2015, 06:43:57 PM
 #68

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).




Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.

Indeed. Normally i'm all against their ways of paying out and trying to burn the costumers, but this is just a seriously massive fuck up that should not be rewarded.
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
September 17, 2015, 06:47:24 PM
 #69

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.

insurer says "we'll insure the security system you have in place on the BTC you hold"
security system gets compromised
insurer says "we meant the security system had to be flawless"


seems legit.

VCLChief
Newbie
*
Offline Offline

Activity: 31
Merit: 0


View Profile
September 17, 2015, 06:56:27 PM
 #70

I bet that hacker worked on bitpay for months before they pulled that off. Everybody thinks that this cant happen to them and the guy is stupid. He not, he just has a bullseye on his back with probably thousands of hackers working on him  from thousands of angles everyday. And somebody finally got through. Live and learn.
moni3z
Hero Member
*****
Offline Offline

Activity: 899
Merit: 1002



View Profile
September 17, 2015, 06:57:57 PM
 #71

got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.

This is literally the oldest phishing trick in the book, Max Butler did this back in early 2000s when breaking into Capital One he simply wrote fake articles that mentioned the employee by name (or their service) and then asked them to comment on it, they'd land on a page full of XSS to grab credentials.

If Bitpay employees used QubesOS this would have never happened since credentials are stored in separate VMs, so your Work VM for logging into Bitpay admin functions (why they have this admin API in the first place who knows) is separated from the VM that reads your emails and loads links. It's "good enough" separated so none of your client logins can be easily grabbed. Even if they simply ran 2 virtual box VMs, one for public facing communication and one for internal communication/connections as a basic compartmentalization that would have prevented this old attack.

Also, do your admin stuff out-of-band. Write a separate admin app (bonus: the admin app can look shitty, and so is less expensive to maintain) that requires a VPN key connection to access. Avoid special-privilege accounts in your main app.

chek2fire
Legendary
*
Offline Offline

Activity: 3416
Merit: 1142


Intergalactic Conciliator


View Profile
September 17, 2015, 07:08:04 PM
 #72

The real problem in Bitcoin ecosystem is that is full with kid companies. You cant lost so much bitcoin like that and after this you claim to be a serious company

http://www.bitcoin-gr.org
4411 804B 0181 F444 ADBD 01D4 0664 00E4 37E7 228E
EternalWingsofGod
Hero Member
*****
Offline Offline

Activity: 700
Merit: 500



View Profile
September 17, 2015, 08:50:24 PM
 #73

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.

insurer says "we'll insure the security system you have in place on the BTC you hold"
security system gets compromised
insurer says "we meant the security system had to be flawless"


seems legit.


That is an insurance company for you
We will write the policy and as long as you never claim we will not have an issue, but the day you do claim we will see you in court.
Either that or the policy wasn't that old.

Pab
Legendary
*
Offline Offline

Activity: 1862
Merit: 1012


View Profile
September 17, 2015, 08:56:33 PM
 #74

 
 Very strange typical pishing attack,guys responsible for BitPay security are doing poor job
Will be ever quiet days in bitcoin space,how btc can grow,always something happen

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
Keyser Soze
Sr. Member
****
Offline Offline

Activity: 470
Merit: 250


View Profile
September 17, 2015, 09:28:11 PM
 #75

Try emailing your bank a wire request and see what they do. Email is not secure, they either had a poor internal policy or did follow their existing policy.
randy8777
Legendary
*
Offline Offline

Activity: 896
Merit: 1000


View Profile
September 17, 2015, 10:18:18 PM
 #76

not again please, pfff. the market doesn't seem to react to something that is very bad news. 5000btc is a huge load of coins, but not that much to bring the market in danger.
chek2fire
Legendary
*
Offline Offline

Activity: 3416
Merit: 1142


Intergalactic Conciliator


View Profile
September 17, 2015, 10:20:21 PM
 #77

epic fail imo from Bitpay. The bitcoin companies must work much more their security systems. This is silly to lost bitcoin like that.

http://www.bitcoin-gr.org
4411 804B 0181 F444 ADBD 01D4 0664 00E4 37E7 228E
XCASH
Legendary
*
Offline Offline

Activity: 929
Merit: 1000


View Profile
September 17, 2015, 10:50:33 PM
 #78

If Bitpay kept this quiet until now then what else are they keeping quiet about? There might be nothing else dodgy going on behind the scenes, but after this incident it's obvious they will also cover up anything else that's embarrassing. I liked Bitpay for offering a service that lets you pay for things fast with Bitcoin but it will take some time to restore my trust in them. What's the name of their biggest competitor? That will probably get a large chunk of Bitpay's market share now.
stuff0577
Full Member
***
Offline Offline

Activity: 138
Merit: 100

More stuff will come.


View Profile WWW
September 17, 2015, 11:24:20 PM
 #79

They should do thorough checking on the email their email before doing suck a thing  Angry

DAILAI Peer-to-peer micro transport services
yefi
Legendary
*
Offline Offline

Activity: 2842
Merit: 1511



View Profile
September 18, 2015, 12:43:02 AM
 #80

Hi Stephen, if you're reading this, this is Bryan Krohn. How's it hanging bro?

Can you transfer 1000BTC to the following Bitcoin address please. Thanks!

bitcoin:1BitcoinEaterAddressDontSendf59kuE?amount=1000.000000&label=younumbskull
Pages: « 1 2 3 [4] 5 6 7 8 9 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!