BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000!

[GriffinHeart]

Hah "Hacked"
Pretty sure the buggers pulled a Mt Gox and ran away with the $1.8 mil.
Who wouldn't want to bugger off with (nearly) two million USD worth of bitcoin?
Sure, morales and the like, that wasn't their money to run away with.
Not to mention that it wasn't even a hack, it was social engineering that burned them to the ground.
Anyway, if it is genuine, isn't there a way to track where all these millions are heading? It's bitcoin, shouldn't the company know their transaction IDS etc?

[S4VV4S]

Did anyone else think this story made no sense?  Is this another "woops, someone hacked our cold storage that wasn't connected to the internet".

I do. If it's true then BitPay has gone bad.

This simply doesn't make sense:

According to a lawsuit filed Sept. 15 in federal court in Atlanta, in December 2014, Bryan Krohn, Bitpay's chief financial officer, got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.

Unknown to Krohn or Bitpay, the email sender's computer had been hacked, and the hacker sent the phony email that directed Krohn to a website controlled by the hacker, where Krohn provided the credentials for his Bitpay corporate email account, according to the lawsuit.

Why the fuck would the CFO of BitPay insert their email credentials to an unknown website?
And why would the CEO transfer ANY significant amount of Bitcoins to any account when ordered by JUST an email?

 

[MicroGuy]

So that incident was happened almost 10 months ago in December 2014 not recently that hack, it doesn't leave any bad impact on bitcoin price as the title looking it happened today.

This news did happen yesterday. The incident might have happened several months ago, but these events were concealed from the public until late yesterday.

And this information never would have seen the light of day had Bitpay decided not to sue the insurance company.

[bitgolden]

Why this hack came into light after a long time almost 10 month.

[mallard]

so there is 2 mill $ less of BTC than previously thought around.....looks like less supply available.

The person that stole it is probably going to sell it or use it to buy something.

[MicroGuy]

Tony Gallippi and Marcel Roelants of Bitpay.com shared their expertise on RT today.

https://www.rt.com/shows/keiser-report/315680-episode-max-keiser-811/

Gallippi (Bitpay CEO) mentions how easy it is to send money using Bitcoin. Yeah, you can send millions in a matter of seconds!

[wxa7115]

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.

[NorrisK]

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.

Indeed. Normally i'm all against their ways of paying out and trying to burn the costumers, but this is just a seriously massive fuck up that should not be rewarded.

[adamstgBit]

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.

insurer says "we'll insure the security system you have in place on the BTC you hold"
security system gets compromised
insurer says "we meant the security system had to be flawless"


seems legit.

[VCLChief]

I bet that hacker worked on bitpay for months before they pulled that off. Everybody thinks that this cant happen to them and the guy is stupid. He not, he just has a bullseye on his back with probably thousands of hackers working on him  from thousands of angles everyday. And somebody finally got through. Live and learn.

[moni3z]

got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.

This is literally the oldest phishing trick in the book, Max Butler did this back in early 2000s when breaking into Capital One he simply wrote fake articles that mentioned the employee by name (or their service) and then asked them to comment on it, they'd land on a page full of XSS to grab credentials.

If Bitpay employees used QubesOS this would have never happened since credentials are stored in separate VMs, so your Work VM for logging into Bitpay admin functions (why they have this admin API in the first place who knows) is separated from the VM that reads your emails and loads links. It's "good enough" separated so none of your client logins can be easily grabbed. Even if they simply ran 2 virtual box VMs, one for public facing communication and one for internal communication/connections as a basic compartmentalization that would have prevented this old attack.

Also, do your admin stuff out-of-band. Write a separate admin app (bonus: the admin app can look shitty, and so is less expensive to maintain) that requires a VPN key connection to access. Avoid special-privilege accounts in your main app.

[chek2fire]

The real problem in Bitcoin ecosystem is that is full with kid companies. You cant lost so much bitcoin like that and after this you claim to be a serious company

[EternalWingsofGod]

can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).

Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.

insurer says "we'll insure the security system you have in place on the BTC you hold"
security system gets compromised
insurer says "we meant the security system had to be flawless"


seems legit.

That is an insurance company for you
We will write the policy and as long as you never claim we will not have an issue, but the day you do claim we will see you in court.
Either that or the policy wasn't that old.

[Pab]

 
 Very strange typical pishing attack,guys responsible for BitPay security are doing poor job
Will be ever quiet days in bitcoin space,how btc can grow,always something happen

[Keyser Soze]

Try emailing your bank a wire request and see what they do. Email is not secure, they either had a poor internal policy or did follow their existing policy.

[randy8777]

not again please, pfff. the market doesn't seem to react to something that is very bad news. 5000btc is a huge load of coins, but not that much to bring the market in danger.

[chek2fire]

epic fail imo from Bitpay. The bitcoin companies must work much more their security systems. This is silly to lost bitcoin like that.

[XCASH]

If Bitpay kept this quiet until now then what else are they keeping quiet about? There might be nothing else dodgy going on behind the scenes, but after this incident it's obvious they will also cover up anything else that's embarrassing. I liked Bitpay for offering a service that lets you pay for things fast with Bitcoin but it will take some time to restore my trust in them. What's the name of their biggest competitor? That will probably get a large chunk of Bitpay's market share now.

[stuff0577]

They should do thorough checking on the email their email before doing suck a thing 

[yefi]

Hi Stephen, if you're reading this, this is Bryan Krohn. How's it hanging bro?

Can you transfer 1000BTC to the following Bitcoin address please. Thanks!

bitcoin:1BitcoinEaterAddressDontSendf59kuE?amount=1000.000000&label=younumbskull