An Atlanta-based Bitcoin payment processing company, BitPay, has reportedly been hit by a costly phishing scam, with losses estimated at around $1.8 million. The hacker, who pretended to be BitPay’s CFO, Mr. Bryan Krohn, sent fraudulent email messages from his account in December. By sanctioning the transfer of approximately 5,000 bitcoins in 3 separate transactions to the SecondMarket platform, he bypassed Internet security systems, although in any normal situation such advance payments would not be necessary.
The first victim of this elaborate scam was David Bailey, founder of the quarterly trading magazine yBitcoin. His email account had been hacked and an alleged message was sent to Krohn, requesting that he review certain modifications published in a Google document. At the time, the two were coincidentally in discussions about the purchase of the company’s online magazine by yBitcoin, as shown by documents from BitPay.
Krohn suspects that his login details were breached when he tried to access the alleged document. Thereafter, the fraudster didn’t just impersonate him, but also hacked into the company’s Internet security details to learn the procedures used to make transactions with customers.
On Dec 11th, somebody pretending to be Mr. Krohn sent an email to BitPay’s CEO, Stephen Pair, demanding the immediate transfer of about 1,000 bitcoins to the SecondMarket platform at an undisclosed wallet address. The request was processed within an hour, and shortly afterwards another email was sent asking for 1,000 more bitcoins to be sent to the same account. The transactions were made directly from the firm’s official wallet on Bitstamp.
The next day, the hacker requested that 3,000 more bitcoins be transferred to SecondMarket, but to a different wallet account. After these funds were sent, Pair confirmed the transfers in an email to both Krohn and SecondMarket’s executive Gina Guarnaccia, with the latter immediately denying that her firm was involved in the purchase of any bitcoins. That’s when the victims discovered their Internet security protocols had been tampered with.
A few days later, BitPay filed an insurance claim seeking compensation from its insurer, the Massachusetts Bay Insurance Company. However, on Sept 15th BitPay filed suit against MBIC for failing to meet the contract stipulations, having not paid statutory damages as requested. They are seeking $950,000 as a fine, including necessary court fees.