Topic: BREAKING: Atlanta based Bitcoin giant BitPay hacked for nearly $2,000,000! - page 6. (Read 11101 times)
September 17, 2015, 07:24:20 PM
They should do thorough checking on the email their email before doing suck a thing
September 17, 2015, 06:50:33 PM
If Bitpay kept this quiet until now then what else are they keeping quiet about? There might be nothing else dodgy going on behind the scenes, but after this incident it's obvious they will also cover up anything else that's embarrassing. I liked Bitpay for offering a service that lets you pay for things fast with Bitcoin but it will take some time to restore my trust in them. What's the name of their biggest competitor? That will probably get a large chunk of Bitpay's market share now.
September 17, 2015, 06:20:21 PM
epic fail imo from Bitpay. The bitcoin companies must work much more their security systems. This is silly to lost bitcoin like that.
September 17, 2015, 06:18:18 PM
not again please, pfff. the market doesn't seem to react to something that is very bad news. 5000btc is a huge load of coins, but not that much to bring the market in danger.
September 17, 2015, 05:28:11 PM
Try emailing your bank a wire request and see what they do. Email is not secure, they either had a poor internal policy or did follow their existing policy.
September 17, 2015, 04:56:33 PM
Very strange typical pishing attack,guys responsible for BitPay security are doing poor job
Will be ever quiet days in bitcoin space,how btc can grow,always something happen
September 17, 2015, 04:50:24 PM
can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).
Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.
insurer says "we'll insure the security system you have in place on the BTC you hold"
security system gets compromised
insurer says "we meant the security system had to be flawless"
seems legit.
That is an insurance company for you
We will write the policy and as long as you never claim we will not have an issue, but the day you do claim we will see you in court.
Either that or the policy wasn't that old.
September 17, 2015, 03:08:04 PM
The real problem in Bitcoin ecosystem is that is full with kid companies. You cant lost so much bitcoin like that and after this you claim to be a serious company
September 17, 2015, 02:57:57 PM
got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.
This is literally the oldest phishing trick in the book, Max Butler did this back in early 2000s when breaking into Capital One he simply wrote fake articles that mentioned the employee by name (or their service) and then asked them to comment on it, they'd land on a page full of XSS to grab credentials.
If Bitpay employees used QubesOS this would have never happened since credentials are stored in separate VMs, so your Work VM for logging into Bitpay admin functions (why they have this admin API in the first place who knows) is separated from the VM that reads your emails and loads links. It's "good enough" separated so none of your client logins can be easily grabbed. Even if they simply ran 2 virtual box VMs, one for public facing communication and one for internal communication/connections as a basic compartmentalization that would have prevented this old attack.
Also, do your admin stuff out-of-band. Write a separate admin app (bonus: the admin app can look shitty, and so is less expensive to maintain) that requires a VPN key connection to access. Avoid special-privilege accounts in your main app.
September 17, 2015, 02:56:27 PM
I bet that hacker worked on bitpay for months before they pulled that off. Everybody thinks that this cant happen to them and the guy is stupid. He not, he just has a bullseye on his back with probably thousands of hackers working on him from thousands of angles everyday. And somebody finally got through. Live and learn.
September 17, 2015, 02:47:24 PM
can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).
Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.
insurer says "we'll insure the security system you have in place on the BTC you hold"
security system gets compromised
insurer says "we meant the security system had to be flawless"
seems legit.
September 17, 2015, 02:43:57 PM
can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).
Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.
Indeed. Normally i'm all against their ways of paying out and trying to burn the costumers, but this is just a seriously massive fuck up that should not be rewarded.
September 17, 2015, 02:40:02 PM
can't blame the insurer for not wanting to cover for such incompetence (and can't say i've sided with an insurer before).
Because they are not dumber than a bag of rocks, while I don’t like insurers that much either, I really hope that they win this, st*pidity of this magnitude must be punished.
September 17, 2015, 01:30:26 PM
Tony Gallippi and Marcel Roelants of Bitpay.com shared their expertise on RT today. 
https://www.rt.com/shows/keiser-report/315680-episode-max-keiser-811/
Gallippi (Bitpay CEO) mentions how easy it is to send money using Bitcoin. Yeah, you can send millions in a matter of seconds!
https://www.rt.com/shows/keiser-report/315680-episode-max-keiser-811/
Gallippi (Bitpay CEO) mentions how easy it is to send money using Bitcoin. Yeah, you can send millions in a matter of seconds!
September 17, 2015, 01:21:01 PM
so there is 2 mill $ less of BTC than previously thought around.....looks like less supply available.
The person that stole it is probably going to sell it or use it to buy something.
September 17, 2015, 01:16:02 PM
Why this hack came into light after a long time almost 10 month. 
September 17, 2015, 01:14:56 PM
So that incident was happened almost 10 months ago in December 2014 not recently that hack, it doesn't leave any bad impact on bitcoin price as the title looking it happened today.
This news did happen yesterday. The incident might have happened several months ago, but these events were concealed from the public until late yesterday.
And this information never would have seen the light of day had Bitpay decided not to sue the insurance company.
September 17, 2015, 12:53:07 PM
Did anyone else think this story made no sense? Is this another "woops, someone hacked our cold storage that wasn't connected to the internet".
I do. If it's true then BitPay has gone bad.
This simply doesn't make sense:
Quote
According to a lawsuit filed Sept. 15 in federal court in Atlanta, in December 2014, Bryan Krohn, Bitpay's chief financial officer, got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.
Unknown to Krohn or Bitpay, the email sender's computer had been hacked, and the hacker sent the phony email that directed Krohn to a website controlled by the hacker, where Krohn provided the credentials for his Bitpay corporate email account, according to the lawsuit.
Unknown to Krohn or Bitpay, the email sender's computer had been hacked, and the hacker sent the phony email that directed Krohn to a website controlled by the hacker, where Krohn provided the credentials for his Bitpay corporate email account, according to the lawsuit.
Why the fuck would the CFO of BitPay insert their email credentials to an unknown website?
And why would the CEO transfer ANY significant amount of Bitcoins to any account when ordered by JUST an email?
September 17, 2015, 12:52:32 PM
Hah "Hacked"
Pretty sure the buggers pulled a Mt Gox and ran away with the $1.8 mil.
Who wouldn't want to bugger off with (nearly) two million USD worth of bitcoin?
Sure, morales and the like, that wasn't their money to run away with.
Not to mention that it wasn't even a hack, it was social engineering that burned them to the ground.
Anyway, if it is genuine, isn't there a way to track where all these millions are heading? It's bitcoin, shouldn't the company know their transaction IDS etc?
Pretty sure the buggers pulled a Mt Gox and ran away with the $1.8 mil.
Who wouldn't want to bugger off with (nearly) two million USD worth of bitcoin?
Sure, morales and the like, that wasn't their money to run away with.
Not to mention that it wasn't even a hack, it was social engineering that burned them to the ground.
Anyway, if it is genuine, isn't there a way to track where all these millions are heading? It's bitcoin, shouldn't the company know their transaction IDS etc?
September 17, 2015, 12:47:26 PM
https://blog.bitpay.com/last-years-theft/
Quote
On September 15, 2015, BitPay filed suit against its insurer, Massachusetts Bay Insurance Company (“MBIC”) to recover amounts owed under a commercial crime policy issued by MBIC to BitPay as well as penalties for MBIC’s bad faith denial of the amounts owed to BitPay under the policy.
BitPay cannot discuss the pending litigation other than to say the amounts owed relate to a theft incident which occurred in December of 2014, nearly one year ago. This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time. Additionally, advances in bitcoin cybersecurity over the last year allow BitPay to further protect funds and better serve merchants and bitcoin users.
Stephen Pair,
CEO, BitPay
BitPay cannot discuss the pending litigation other than to say the amounts owed relate to a theft incident which occurred in December of 2014, nearly one year ago. This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time. Additionally, advances in bitcoin cybersecurity over the last year allow BitPay to further protect funds and better serve merchants and bitcoin users.
Stephen Pair,
CEO, BitPay
So that incident was happened almost 10 months ago in December 2014 not recently that hack, it doesn't leave any bad impact on bitcoin price as the title looking it happened today.
Jump to: