UPDATED 02:46 EST / SEPTEMBER 17 2015

NEWS

BitPay hacked for $1.8 million in bitcoin during December 2014

Court documents filed on September 15 in a federal court in Atlanta, GA have revealed that Atlanta-based BitPay, Inc. was hacked to the tune of 5,000 bitcoins (approximately $1.8 million) in December of 2014.

As a major financial services provider in the Bitcoin marketplace, BitPay is an extremely obvious target for hackers. Of course, BitPay relies on an insurer, Massachusetts Bay Insurance Company, for instances of hacks and this court case involves the insurer refusing to pay on a policy involving hacks and fraudulent activity.

A copy of the lawsuit is available here [PDF] and further documents submitted by BitPay are available here [PDF].

BitPay: Bitcoins stolen were obtained by fraud

According to the Atlanta Business Chronicle, the court documents reveal that the hacker first compromised the e-mail account of Bryan Krohn, BitPay’s chief financial officer via a technique known as spear phishing. This technique targets a specific individual and directs them to a web page that looks legitimate, but is really controlled by the hacker. When the targeted individual enters the credentials into that page the hacker then gets their login information.

To get Krohn’s credentials the hacker used access to the e-mail account of David Bailey, the founder of yBitcoin (a property of BTC Media Inc.), a print and digital media guide of the Bitcoin ecosystem, who had been in negotiation with BitPay over a Bitcoin-related magazine purchase. As for the phishing web page, the hacker crafted a Google document that appeared to be from Bailey to Krohn that acted to steal Krohn’s corporate account credentials and give the hacker access.

According to court documents, the hacker used this access to review Krohn’s e-mail history and learn how BitPay transacted business. Using this knowledge and access to Krohn’s account, the hacker then began to masquerade as Krohn.

Using this subterfuge, the hacker first e-mailed BitPay’s CEO Stephen Pair and asked for 1,000 BTC to be transferred to a wallet claimed to belong to SecondMarket, Inc. vice president Preston Blankenship, which he did. Shortly thereafter another e-mail was sent for another 1,000 BTC, also transferred.

The next day, the imposter grew braver and asked for 3,000 BTC to be transferred to the customer’s wallet. This time, the CEO e-mailed Krohn to verify the transfer, but the hacker had control of that e-mail account so simply replied that the request was valid.

The scam, however, was uncovered at this point because Pair had copied the real e-mail of a SecondMarket representative in the e-mail asking for verification. This led to a reply stating that SecondMarket had not bought 3,000 BTC.

Of course, by this time all 3,000 bitcoins had been spirited away.

The lawsuit emerges

BitPay attempted to get Massachusetts Bay Insurance Company, BitPay’s insurer, to pay $950,000 of the total, but in June the insurer declined to pay. The resulting court documents that this information has been peeled from is the result of BitPay’s lawsuit.

The refusal by the insurer to pay out appears to be regarding the nature of the hack:

“The facts as presented do not support a direct loss since there was not a hacking or unauthorized entry into Bitpay’s computer system fraudulently causing a transfer of Money. Instead, the computer system of David Bailey, Bitpay’s business partner, was compromised resulting in fictitious emails being received by Bitpay. The Policy does not afford coverage for indirect losses caused by a hacking into the computer system of someone other than the insured.”

That the insurance only covers what would be considered hack by electronic compromise, and not the significant portion of modern hacking, which is “social engineering,” makes this a strange insurance policy.

Featured image credit: photo via Charis Tsevis

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU