September 18, 2015 by

Bitcoin Payment Service BitPay Loses $1.8M in a Classic Phishing Hack

Atlanta’s BitPay, a Bitcoin processor, suffered losses of 5000 Bitcoins, nearly USD $1.8 million, due to a spear-phishing attack instigated by a hacker, court documents revealed.

Court documents have revealed that top management at BitPay, a payment processor for the cryptocurrency Bitcoin, was tricked into sending nearly $1.8 million to an opportunistic hacker armed with a classic phishing scam.

The incident was never brought to light by BitPay themselves until court documents revealed it, reports the Atlanta Business Chronicle.

The Scam

The details of the hack were revealed when BitPay filed a lawsuit against its insurer after the latter’s refusal to pay for the losses incurred due to the hack.

The complete lawsuit is available to download here. The reasons for BitPay’s rejected insurance claim are documented here.

Here’s how the scam was spun:

  • The hacker gained access to the computer of BTC Media CEO David Bailey and used it to send an email to BitPay CFO Bryan Krohn. The email contained a link to a Google Doc.
  • The first hack of the BTC CEO’s email was crucial, as the company was in regular communication with BitPay to purchase the latter’s magazine business.
  • BitPay CFO Krohn promptly filled in the Google document with his corporate email information, which inadvertently granted the hacker complete access to Krohn’s account.

After gaining access to Krohn’s email, the hacker got to “learn specific details about how BitPay transacted business,” the lawsuit reads.

With the necessary details and tools at his disposal now, the hacker launched the next phase of his plan.

  • Using Krohn’s email account, the hacker sent emails to BitPay CEO Stephen Pair (purporting to be from Krohn) and asked Pair to transfer 1000 bitcoins to a BitPay customer’s wallet. Pair promptly did so.
  • A short while later, the CEO received a second email with the same request for another 1000 bitcoins, which he also fulfilled.
  • Emboldened, the hacker then sent another email to the CEO asking for an additional 3000 Bitcoins the next day. When Pair emailed Krohn to confirm the request, the hacker (still in control of Krohn’s email) sent an email back, validating the request.
  • The CEO then sent 3000 bitcoins to the wallet (approx. $700,000 in today’s rates).

The scam was only discovered after the CEO cc’d the real BitPay customer on the final email about the transfer of 3000 coins, which prompted a reply from the customer noting that they did not purchase the bitcoins.

In a statement, BitPay CEO Stephen Pair confirmed that BitPay was the only victim of the hacker’s scam and that it did not affect any of its users.

“This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time,” the statement read.


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
