BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000! - page 3.

mallard

full member

Activity: 196

Merit: 100

Quote from: MicroGuy on September 19, 2015, 09:05:09 AM

Quote from: Kprawn on September 19, 2015, 02:01:29 AM

Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000 Roll Eyes

.... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags. Shocked

I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.

I thought that you were supposed to make a new address for each transaction

https://en.bitcoin.it/wiki/Address_reuse

MicroGuy

legendary

Activity: 2506

Merit: 1030

Twitter @realmicroguy

Quote from: Kprawn on September 19, 2015, 02:01:29 AM

Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000 Roll Eyes

.... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags. Shocked

I might have missed something but it does seems that if Bitpay was sending millions in BTC, they would have only done so to a "known bitcoin address" already existing on file for customer transfers. It's hard to imagine any competent/sane individual sending that volume to a fresh unknown address(es) based on an email request alone.

Kprawn

legendary

Activity: 1904

Merit: 1074

Something smells fishy... I know some people are saying the CEO and founder of this company will never do this to his own company, but I have to disagree.

It was just too easy for these guys to "hack" $ 2 000 000 Roll Eyes

.... I cannot imagine that there are no checks and balances in place to confirm/verify transfers like this.

I will not trust BitPay if this is the way they handle money transfers. The first email should already have raised some red flags. Shocked

The Sceptical Chymist

legendary

Activity: 3500

Merit: 6981

Top Crypto Casino

Quote from: NorrisK on September 17, 2015, 04:14:58 AM

In theory This could also happen to a bank after such a social engineering attack. This has nothing to do with usong bitcoin, except for the anonimity regarding the coins. (bank accounts are easier to trace).

Agree with everybody that sendimg 1000 btc without double checking in anyway is a massive failure and a complete lack of common sense.

I hate that phrase "social engineering". I much prefer "tard hack".

Gleb Gamow

vip

Activity: 1428

Merit: 1145

You do realize that Tony, Stephen and Bryan, all three, communicated via email during the ordeal, never face-to-face, thus at least two, perhaps all three, weren't at BitPay's office there in Atlanta on 12-11/12-12, 2014.

edric

hero member

Activity: 546

Merit: 501

The insurer is arguing the clause...

"The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place."

They are saying that the CFO's computer is a third party and not insured under the agreement. They say...

"Computer fraud equates to the use of a computer to "fraudulently cause a transfer" and is not the use of a computer somewhere in a transaction that involves fraud, false pretenses or misrepresentations."

Yes, the security was not very good at BitPay and the guy should have known better, but at the same time, the insurance company seems to be making a really flimsy argument. It's like Bill Clinton and the meaning of "is."

https://www.youtube.com/watch?v=j4XT-l-_3y0

adamstgBit

legendary

Activity: 1904

Merit: 1037

Trusted Bitcoiner

the insurer refused to pay out, saying:

Quote

The Computer Fraud Insuring Agreement is only triggered by situations where an unauthorized user hacks into or gains unauthorized access into your computer system and uses that access to fraudulently cause a transfer of money to an outside person or place.

Gleb Gamow

vip

Activity: 1428

Merit: 1145

Quote from: hikedoon on September 18, 2015, 05:11:21 PM

I've read this story 3 times today and the amount keeps getting bigger,ffs.
Correct me if i'm wrong but i read that 5000 BTC were stolen.
That doesn't equal $2 million at present prices. Huh

http://www.investing.com/currencies/btc-usd-historical-data

Quote

Dec 12, 2014 346.00 341.49 349.65 340.05 1.32%
Dec 11, 2014 341.49 340.00 356.99 332.51 0.44%

5,000 BTC X $356.99 = $1,784,950 (close enough to $1.8M)

Looks like I'm the first to mention the 1CgVfhL676UMhFuc8jmV3RHAhpi9tyYgwL and 14TSsT8Pf3hQvEFNmZXy7Nn8gXsQL3P5kv bitcoin wallet addresses initially used for the hack(?).

hikedoon

full member

Activity: 143

Merit: 100

I've read this story 3 times today and the amount keeps getting bigger,ffs.
Correct me if i'm wrong but i read that 5000 BTC were stolen.
That doesn't equal $2 million at present prices. Huh

Gleb Gamow

vip

Activity: 1428

Merit: 1145

Unless BTC-e.com doesn't keep records, they should be able to shed tremendous light on who's behind the hack(?): https://www.walletexplorer.com/wallet/0786ae596ac30cb6

Gleb Gamow

vip

Activity: 1428

Merit: 1145

The following depicts one example of two of the three transactions merging with one another: https://www.walletexplorer.com/wallet/1fef7eb8259a33ad

Notice the date, January 5, 2015. Guess what happened the day before. Give up? This: http://www.coindesk.com/unconfirmed-report-5-million-bitstamp-bitcoin-exchange/

Quote

In the case of Bitstamp, those behind the attack used Skype and email to communicate with employees and attempt to distribute files containing malware by appealing to their personal histories and interests. Bitstamp’s system became compromised after systems administrator Luka Kodric downloaded a file that he believed had been sent by a representative for an organization that was seeking his membership.

"I see patterns!"

Gleb Gamow

vip

Activity: 1428

Merit: 1145

Yep, just under two minutes after getting a fresh cup of coffee: https://blockchain.info/address/1GGrzbDaYUKF5bDLG9dprG44RtzP7Hv3vi

The two addresses (far left, below) providing the 3,000 BTC are BitPay's cold wallet addreses: https://www.walletexplorer.com/txid/30a32a2cdf4bcec3664d2c4d302c0a41709f60ae920c14c0dc16c6af434a4a5a

Just like the previous 2K, this 3K BTC tx was broken up into 600 BTC (400 BTC lots for the former) on the exact same date.

BTW, that 3,000 BTC stems from the last of several 5,000 BTC txs doled out depicted here: https://www.walletexplorer.com/wallet/00ed29a2496f353a

RodeoX

legendary

Activity: 3066

Merit: 1147

The revolution will be monetized!

Man, I feel bad for Tony. He's a good guy and a good businessman. Sad

Gleb Gamow

vip

Activity: 1428

Merit: 1145

Just took a break from doing what I was doing and it took me near two minutes to find the first two 1,000 BTC transactions (finding the 3,000 BTC shouldn't take me longer than that once I finish up with this post). It'll take me longer to post my findings than what it took to find the txs. HAHAHA

http://media.bizj.us/view/img/7016312/bitpay-2.pdf

https://www.walletexplorer.com/txid/587e9733b91d7a54c89517c8ab2b354a7105413f7db4d5a9ab57b19084e4243d

Shown below is the first 1,000 BTC stemming from BitPay: https://www.walletexplorer.com/txid/8524141d9bca1da61e9dfb3966b86def848d299b65878c4cd915627598747f5c

Below is the second 1,000 BTC stemming from Bitstamp, as outlined in the email exchange from the insurance company depicted in the image above: https://www.walletexplorer.com/txid/d400d5054e97363585f7026634544c405cecf38ec9c3d8c81a6fabbf56381b67

Q.E.D.

Sourgummies

hero member

Activity: 728

Merit: 500

Never ending parties are what Im into.

Its really amazing how quick some of these companies rise up to become a serious business only to later show they have little protection from any one that thinks of sniffing around them. Would be nice if there was almost a community that would take a look at some of these new businesses to help them out and show them leaks in any of their ways of business. Would be good for every one but then again the trusted people in charge of that service would also need to be looked at,so goes the never ending loop of protection.
The more you bring in the more you open up to being scammed,the less you bring in the bigger chance you get scammed by a hacker.

Can you win these days? Undecided

Mickeyb

hero member

Activity: 798

Merit: 1000

Move On !!!!!!

Man what a freaking story. I mean what a hell and how long will this be happening. I agree with all of the comments above that Bitcoin cannot advance in adoption until we don't stop seeing horror stories like this in the newspaper.

I mean what are new people that don't understand Bitcoin get from this then, invest in Bitcoin and simply lose all of it by a simple email hack. For God's sake!!

Gleb Gamow

vip

Activity: 1428

Merit: 1145

Quote from: mallard on September 18, 2015, 01:06:48 PM

Quote from: Amph on September 18, 2015, 09:09:11 AM

there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.

$1.8M of their personal moneys on account or of moneys stemming from VCs? BTW, not bad for the sale of Bitcoin Magazine founded by Matthew Neal Wright, et al.

coinpr0n

hero member

Activity: 910

Merit: 1000

Quote from: mallard on September 18, 2015, 01:06:48 PM

Quote from: Amph on September 18, 2015, 09:09:11 AM

there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.

Debatable...

Quote

The fraudster then sent emails to Bitpay CEO Stephen Pair purporting to be from Krohn, asking Pair to transfer 1,000 bitcoins to a Bitpay customer's "wallet," which he did.

Sounds like it was a customer's funds. They probably just covered the losses.

mallard

full member

Activity: 196

Merit: 100

Quote from: Amph on September 18, 2015, 09:09:11 AM

there is no way of knowing that they are robbing the customers

This was their money, not the money of their clients.

gablay12

legendary

Activity: 918

Merit: 1000

If you leave the keys in the car, the insurer does not pay....

The same story.....

Topic: BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000! - page 3. (Read 11153 times)