BitPay loses $1.8m in phishing attack

BitPay loses $1.8m in phishing attack

BitPay lost $1.8 million in a phishing attack late last year, according to lawsuit filed by the bitcoin payment processing firm against an insurer it is trying to get to cover some of the losses.

According to court documents obtained by the Atlanta Business Chronicle, last December BitPay CFO Bryan Krohn received an email from someone purporting to be from a digital currency publication.

However, the sender's email account had been hacked and the email directed Krohn to a site controlled by the hacker where he provided the credentials for his corporate email account.

The crook used the email account to fraudulently transfer 5000 bitcoins worth $1.85 million in three separate transactions.

In a statement, BitPay CEO Stephen Pair says: "This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time."

The company is suing Massachusetts Bay Insurance Company, which has refused to pay out on a policy with a limit of $1 million less BitPay's deductible of $50,000.

Comments: (2)

A Finextra member
A Finextra member 17 September, 2015, 20:48Be the first to give this comment the thumbs up 0 likes The insurer will pay if the event is a covered loss. If it not explicitly covered it may take some time to interpret the language of the policy where the coverage exists. The insurers first line of defense is to deny coverage unless explicitly covered, whereas in this case a bitcoin processor may not have been understood. Insurance companies are there for that, to provide coverage, and make payments for covered losses. Just the reading of the deductible and the maximum amount leads me to believe this is a general coverage policy. I would like to see the actual policy.
Hitesh Thakkar
Hitesh Thakkar - SME - Fintech startups (APAC and Africa) - India 18 September, 2015, 17:50Be the first to give this comment the thumbs up 0 likes

I agree with present stance of Insurance company as this incident had occured as Phishing attack. Bitpay would have informed as part of IT control about dos and don'ts of IT security ( Standard IT security policy guidelines) and iron cladded Firewalls, IDS,HDS etc controlling such attacks apart from IT security awarness.

I wonder Blockchain could have been used as electronic journal which can be used to trace those Three transactions.