Pages:
Author

Topic: BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000! - page 3. (Read 11166 times)

full member
Activity: 196
Merit: 100
Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000  Roll Eyes .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.   Shocked

I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.

I thought that you were supposed to make a new address for each transaction

https://en.bitcoin.it/wiki/Address_reuse
legendary
Activity: 2506
Merit: 1030
Twitter @realmicroguy
Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000  Roll Eyes .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.   Shocked

I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.
legendary
Activity: 1904
Merit: 1074
Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000  Roll Eyes .... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags.   Shocked
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
In theory This could also happen to a bank after such a social engineering attack. This has nothing to do with usong bitcoin, except for the anonimity regarding the coins. (bank accounts are easier to trace).

Agree with everybody that sendimg 1000 btc without double checking in anyway is a massive failure and a complete lack of common sense.

I hate that phrase "social engineering".  I much prefer "tard hack".
vip
Activity: 1428
Merit: 1145
You do realize that Tony, Stephen and Bryan, all three, communicated via email during the ordeal, never face-to-face, thus at least two, perhaps all three, weren't at BitPay's office there in Atlanta on 12-11/12-12, 2014.
hero member
Activity: 546
Merit: 501
The insurer is arguing the clause...

"The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place."

They are saying that the CFO's computer is a third party and not insured under the agreement.  They say...

"Computer fraud equates to the use of a computer to "fraudulently cause a transfer" and is not the use of a computer somewhere in a transaction that involves fraud, false pretenses or misrepresentations."

Yes, the security was not very good at BitPay and the guy should have known better, but at the same time, the insurance company seems to be making a really flimsy argument.  It's like Bill Clinton and the meaning of "is."

https://www.youtube.com/watch?v=j4XT-l-_3y0
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
the insurer refused to pay out, saying:

Quote
The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place.

vip
Activity: 1428
Merit: 1145
I've read this story 3 times today and the amount keeps getting bigger,ffs.
  Correct me if i'm wrong but i read that 5000 BTC were stolen.
 That doesn't equal $2 million at present prices. Huh

http://www.investing.com/currencies/btc-usd-historical-data

Quote
Dec 12, 2014   346.00   341.49   349.65   340.05   1.32%
Dec 11, 2014   341.49   340.00   356.99   332.51   0.44%

5,000 BTC X $356.99 = $1,784,950 (close enough to $1.8M)


Looks like I'm the first to mention the 1CgVfhL676UMhFuc8jmV3RHAhpi9tyYgwL and 14TSsT8Pf3hQvEFNmZXy7Nn8gXsQL3P5kv bitcoin wallet addresses initially used for the hack(?).
full member
Activity: 143
Merit: 100
I've read this story 3 times today and the amount keeps getting bigger,ffs.
  Correct me if i'm wrong but i read that 5000 BTC were stolen.
 That doesn't equal $2 million at present prices. Huh
vip
Activity: 1428
Merit: 1145
Unless BTC-e.com doesn't keep records, they should be able to shed tremendous light on who's behind the hack(?): https://www.walletexplorer.com/wallet/0786ae596ac30cb6
vip
Activity: 1428
Merit: 1145
The following depicts one example of two of the three transactions merging with one another: https://www.walletexplorer.com/wallet/1fef7eb8259a33ad



Notice the date, January 5, 2015. Guess what happened the day before. Give up? This: http://www.coindesk.com/unconfirmed-report-5-million-bitstamp-bitcoin-exchange/

Quote
In the case of Bitstamp, those behind the attack used Skype and email to communicate with employees and attempt to distribute files containing malware by appealing to their personal histories and interests. Bitstamp’s system became compromised after systems administrator Luka Kodric downloaded a file that he believed had been sent by a representative for an organization that was seeking his membership.


"I see patterns!"
vip
Activity: 1428
Merit: 1145
Yep, just under two minutes after getting a fresh cup of coffee: https://blockchain.info/address/1GGrzbDaYUKF5bDLG9dprG44RtzP7Hv3vi

The two addresses (far left, below) providing the 3,000 BTC are BitPay's cold wallet addreses: https://www.walletexplorer.com/txid/30a32a2cdf4bcec3664d2c4d302c0a41709f60ae920c14c0dc16c6af434a4a5a



Just like the previous 2K, this 3K BTC tx was broken up into 600 BTC (400 BTC lots for the former) on the exact same date.

BTW, that 3,000 BTC stems from the last of several 5,000 BTC txs doled out depicted here: https://www.walletexplorer.com/wallet/00ed29a2496f353a
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
Man, I feel bad for Tony. He's a good guy and a good businessman.  Sad
vip
Activity: 1428
Merit: 1145
Just took a break from doing what I was doing and it took me near two minutes to find the first two 1,000 BTC transactions (finding the 3,000 BTC shouldn't take me longer than that once I finish up with this post). It'll take me longer to post my findings than what it took to find the txs. HAHAHA

http://media.bizj.us/view/img/7016312/bitpay-2.pdf




https://www.walletexplorer.com/txid/587e9733b91d7a54c89517c8ab2b354a7105413f7db4d5a9ab57b19084e4243d



Shown below is the first 1,000 BTC stemming from BitPay: https://www.walletexplorer.com/txid/8524141d9bca1da61e9dfb3966b86def848d299b65878c4cd915627598747f5c



Below is the second 1,000 BTC stemming from Bitstamp, as outlined in the email exchange from the insurance company depicted in the image above: https://www.walletexplorer.com/txid/d400d5054e97363585f7026634544c405cecf38ec9c3d8c81a6fabbf56381b67



Q.E.D.
hero member
Activity: 728
Merit: 500
Never ending parties are what Im into.
Its really amazing how quick some of these companies rise up to become a serious business only to later show they have little protection from any one that thinks of sniffing around them. Would be nice if there was almost a community that would take a look at some of these new businesses to help them out and show them leaks in any of their ways of business. Would be good for every one but then again the trusted people in charge of that service would also need to be looked at,so goes the never ending loop of protection.
The more you bring in the more you open up to being scammed,the less you bring in the bigger chance you get scammed by a hacker.

Can you win these days? Undecided
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
Man what a freaking story. I mean what a hell and how long will this be happening. I agree with all of the comments above that Bitcoin cannot advance in adoption until we don't stop seeing horror stories like this in the newspaper.

I mean what are new people that don't understand Bitcoin get from this then, invest in Bitcoin and simply lose all of it by a simple email hack. For God's sake!!
vip
Activity: 1428
Merit: 1145
there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.

$1.8M of their personal moneys on account or of moneys stemming from VCs? BTW, not bad for the sale of Bitcoin Magazine founded by Matthew Neal Wright, et al.
hero member
Activity: 910
Merit: 1000
there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.

Debatable...

Quote
The fraudster then sent emails to Bitpay CEO Stephen Pair purporting to be from Krohn, asking Pair to transfer 1,000 bitcoins to a Bitpay customer's "wallet," which he did.

Sounds like it was a customer's funds. They probably just covered the losses.
full member
Activity: 196
Merit: 100
there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.
legendary
Activity: 918
Merit: 1000
If you leave the keys in the car, the insurer does not pay....

The same story.....
Pages:
Jump to: