BitPay, a bitcoin payment service company based in Atlanta, was hacked for $1.8 million worth of cryptocurrency recently. The alleged attack was done through an email to the company’s chief financial officer, Brian Krohn, from someone posing as an employee in a digital currency publication and asking for comment.
According to the lawsuit filed in Atlanta’s federal court in December last year, the hacker directed Krohn to an encrypted website which asked for his credentials for the BitPay email account. From there, the hacker purportedly used the information to access the bitcoin payment service’s corporate account and transfer around 5,000 bitcoins in three separate transactions.
Bitcoin Payment Company Loss
The lawsuit went on to detail how the hacker had been able to use the corporate email account to access correspondence on how the bitcoin payment company conducts business. The hacking attack also included communication with CEO Stephen Pair on asking for a transfer of 1,000 bitcoin to the wallet of the fraudster who was pretending to be Krohn.
These bitcoin payment requests were repeated until Pair copied Bitpay’s real customer on the final email about the transfer of the 3,000 coins, but the actual customer replied saying that the purchase wasn’t made and that the bitcoin wasn’t received.
BitPay then sought insurance coverage for $950,000 of the bitcoin payment company’s losses but the insurer declined to pay earlier this year. BitPay is also suing the insurer, Massachusetts Bay Insurance Company, in the US District Court for the Northern District of Georgia earlier this month.
The hacking attack exposed potential vulnerabilities that bitcoin companies should be vigilant of, particularly when it comes to providing corporate information to outsiders. It also demonstrates how the use of cryptocurrency could make it difficult to track the perpetrators, as bitcoin transactions are anonymous and cannot be linked to a particular entity.