It was just too easy for these guys to "hack" $ 2 000 000
![Roll Eyes](https://bitcointalk.org/Smileys/default/rolleyes.gif)
I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.
![Shocked](https://bitcointalk.org/Smileys/default/shocked.gif)
I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.
I thought that you were supposed to make a new address for each transaction
https://en.bitcoin.it/wiki/Address_reuse