BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000!

[MF Doom]

By not disclosing this earlier I also wonder what else the company could be hiding. I've just lost a lot of faith in Bitpay. As for this happening in legacy bank systems - they could probably just reverse the mistaked transaction. Fungibility is not such a big deal for them.

Are they still a functioning company?  If they are, I'd be amazed to see them around much longer, this is BAD press, and makes the company leaders look pretty incompetent

[teddy5145]

And still we always ask why people don't want to use Bitcoin.
There's too many negative news compared to the positive news to bitcoin.
And it's easily to be hacked compared to flat paper based money 
I think we need to beef up the security here

Unless, this is just another mt gox cases 

[spazzdla]

And still we always ask why people don't want to use Bitcoin.
There's too many negative news compared to the positive news to bitcoin.
And it's easily to be hacked compared to flat paper based money 
I think we need to beef up the security here

Unless, this is just another mt gox cases 

OOOH really?  I'd love to see the proof of someone hacking bitcoin to find a list of private keys with large amounts of BTC.

[MF Doom]

And still we always ask why people don't want to use Bitcoin.
There's too many negative news compared to the positive news to bitcoin.
And it's easily to be hacked compared to flat paper based money 
I think we need to beef up the security here

Unless, this is just another mt gox cases 

luckily this is minor in scale compared to gox, I mean gox was hundreds of millions of $ worth of btc gone.  $2mil is a relatively small smount.

BUT, I am wondering if ANY insurance company has EVER paid out for a btc claim.  I mean, how could you prove that the coins were stolen, if you just sent them say to a paper wallet and tried to hide them?  I cant imagine any insurance companies are paying out.  Has anyone heard of an insurance payout for a btc related case?

[coinpr0n]

And still we always ask why people don't want to use Bitcoin.
There's too many negative news compared to the positive news to bitcoin.
And it's easily to be hacked compared to flat paper based money 
I think we need to beef up the security here

Unless, this is just another mt gox cases 

luckily this is minor in scale compared to gox, I mean gox was hundreds of millions of $ worth of btc gone.  $2mil is a relatively small smount.

BUT, I am wondering if ANY insurance company has EVER paid out for a btc claim.  I mean, how could you prove that the coins were stolen, if you just sent them say to a paper wallet and tried to hide them?  I cant imagine any insurance companies are paying out.  Has anyone heard of an insurance payout for a btc related case?

Not that I am aware of. It would only make sense if the security systems and procedures were audited by the insurer (and they understood them). I can think of Coinbase as an example of an insured company but not sure what the deal is. It seems like Bitpay's insurer didn't audit them very well.

[MicroGuy]

Bitpay has just released an 'explanation' has to how this mistake happened.

"... advances in bitcoin cybersecurity over the last year allow BitPay to further protect funds and better serve merchants and bitcoin users."

https://blog.bitpay.com/last-years-theft/

It was because of flaws in bitcoin's security at the time of the incident.  

[coinpr0n]

Bitpay has just released an explanation has to how this mistake happened.

https://blog.bitpay.com/last-years-theft/

It was due to a weakness in the Bitcoin technology at the time.

They aren't very specific about what technological problem it is. And not too much is different from one year ago. At least MtGox claimed "transaction malleability".

[MF Doom]

Bitpay has just released an explanation has to how this mistake happened.

https://blog.bitpay.com/last-years-theft/

It was due to a weakness in the Bitcoin technology at the time.

They aren't very specific about what technological problem it is. And not too much is different from one year ago. At least MtGox claimed "transaction malleability".

I agree, I dont see much difference in use/usability since only 10 months ago.

If anything, I feel LESS secure using btc, because of all the hacks, thefts, stolen data, etc...sounds like he is just trying to make it sound like this was somehow not their fault??  To me it doesn't make the situation any easier to stomach.

[adamstgBit]

Bitpay has just released an explanation has to how this mistake happened.

https://blog.bitpay.com/last-years-theft/

It was due to a weakness in the Bitcoin technology at the time.

that's not what's written there.

[MicroGuy]

Bitpay has just released an explanation has to how this mistake happened.

https://blog.bitpay.com/last-years-theft/

It was due to a weakness in the Bitcoin technology at the time.

that's not what's written there.

Correct. It was due to limitations in Bitcoin cybersecurity 10 months ago.

"... advances in bitcoin cybersecurity over the last year allow BitPay to further protect funds and better serve merchants and bitcoin users."

Let's all be thankful that these advances have since been achieved.

[Amph]

there is no way of knowing that they are robbing the customers and everytime they come up with the same excuse that someone or something else stole it or various random problem about security and etc...? none right?

i'm starting to believe that they are lying...

[johnyj]

This has something to do with bitcoin too. This kind of theft would never happen in legacy financial system where each account have a clear ownership registration by the banks, and supervised by regulators. So the fraudulent payment will always be reversed by the banks. However bitcoin is like cash, once bitcoin moved to another address, it is like cash being stolen, there is almost no way to trace it back

That's also the reason large banks are refusing to do bitcoin related business. If it really works like cash, then all those regulations around cash might apply to bitcoin: Daily withdraw limit, maximum number of cash allowed in one transaction etc...

You would think so, but that's not how the world works. What you are basically suggesting is that no fraud whatsoever can occur in the banking system because of how regulated it is because regulatory agencies can just reverse transactions. Take a look at history. It is ripe with thousands of cases of banking scams and fraud that were never recovered from. Especially when you are involving foreign banks, with foreign laws and regulations. There is so much red tape involved in getting such large wires reversed. Once the money is sent overseas, it's basically gone. Foreign banks will always put their account holders first, instead of taking orders from another banking institution outside of their country.

The only way such foreign banks would reverse transactions would be through a court order, from their country of residence. Wire Transfers may be traceable to account holders, but when you start involving multiple foreign countries and multiple unassociated accounts, the money is as good as gone. It can take YEARS to get effective court to get any kind of action, and by then the money is long gone, and likely is any evidence. Not to mention building a case and presenting evidence to the notion that there was fraud/scam involved, IN (possible multiple) foreign countries.

After you exceed more than 2 or 3 bank transfers beyond the initial fraud, that money will likely never be recovered. You'd be dealing with multiple parties/shell bank accounts. The party that is at the end, has nothing to do with the past 2 owners of the money. Can you imagine if someone spent a couple millions of dollars to your company, you gave them the product, they disappear with it, and then agencies try to take your money saying the 3rd to last owner stole it? There's no way on earth in any court system would get behind that.

I do international transfer daily, routed through multiple banks, it does not work like what you described, there are strict control each step, a slightest mismatch would put your fund on hold until more documents provided

In the case of Bitpay, if it is fiat money, the receiving end would always be a bank account hold by SecondMarket, all the intermediary banks know this. Also, if the receiving bank account number changed, Bitpay will notice it at the first place. And, even money were mistakenly sent to a foreign account, that amount will be first frozen at receiving end before the receiver provide enough evidence of the transaction and where is the money coming from, because it is a large sum of money. Banks can stop it if they want, but sometimes they are also participating in money laundering for VIP because of the high profit especially political benefit it gives, but that's another topic

[Keyser Soze]

By not disclosing this earlier I also wonder what else the company could be hiding. I've just lost a lot of faith in Bitpay. As for this happening in legacy bank systems - they could probably just reverse the mistaked transaction. Fungibility is not such a big deal for them.

Wire fraud is still a huge problem for the traditional banking system. Sometimes they can be reversed but generally once the fraud is detected it is too late for the money to be retrieved.

[Gleb Gamow]

By not disclosing this earlier I also wonder what else the company could be hiding. I've just lost a lot of faith in Bitpay. As for this happening in legacy bank systems - they could probably just reverse the mistaked transaction. Fungibility is not such a big deal for them.

Were BitPay's VC funders made aware of the thanks-for-the-phish?

<apologies for the duplicate posts yesterday which I deleted. it happened during the rare times that BCT was experiencing a glitch>

[Gleb Gamow]

Instead of trusting third parities for payment we need to start using vanilla coin, sub zero transactions that can't be double spent....BINGO.

Using eBay as an example, I'm pretty sure there were hundreds of thousands of thiefs made aware online, etc., while their stock continued to split through the years.

[Gleb Gamow]

Bitpay has just released an explanation has to how this mistake happened.

https://blog.bitpay.com/last-years-theft/

It was due to a weakness in the Bitcoin technology at the time.

that's not what's written there.

Here's an idea! Post the complete post. It's not like it's a Leroy Fodor diatribe.

On September 15, 2015, BitPay filed suit against its insurer, Massachusetts Bay Insurance Company (“MBIC”) to recover amounts owed under a commercial crime policy issued by MBIC to BitPay as well as penalties for MBIC’s bad faith denial of the amounts owed to BitPay under the policy.

BitPay cannot discuss the pending litigation other than to say the amounts owed relate to a theft incident which occurred in December of 2014, nearly one year ago. This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time. Additionally, advances in bitcoin cybersecurity over the last year allow BitPay to further protect funds and better serve merchants and bitcoin users.

Stephen Pair,
CEO, BitPay

What are the chances of one of you blockchain forensic sleuths hunting down at least the larger of the three transactions (if not all three) so we could witness any movements, coupled with gleaning any other info directly or indirectly from said tx (e.g., [local] time of day of occurrence)?

[CoinCidental]

i believe this was an inside job ala gox ..........

nobody transfers a couple of million dollars on the strength of a fake email

[Gleb Gamow]

Conducting a little research on my own... https://www.walletexplorer.com/address/1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf?page=3

Remember that address? Take a look at when it was first created and what it was initially seeded with it. Weird, eh?

[maokoto]

This raises the risk score of Bitcoin in the mind of non-adopters. I have talked to two or three friends about Bitcoin and they all say the same "it is dangerous/risky". As their only information is the one received through the media, this is not very good for Bitcoin popularity.

[gablay12]

If you leave the keys in the car, the insurer does not pay....

The same story.....