Atlanta's Bitpay got hacked for $1.8 million in bitcoins

BY David Allison

Atlanta's Bitpay Inc. got hacked for more than $1.8 million in bitcoins.
According to a lawsuit filed Sept. 15 in federal court in Atlanta, in December 2014, Bryan Krohn, Bitpay's chief financial officer, got an email from someone purporting to be with a digital currency publication asking Krohn to comment on a bitcoin industry document.

Unknown to Krohn or Bitpay, the email sender's computer had been hacked, and the hacker sent the phony email that directed Krohn to a website controlled by the hacker, where Krohn provided the credentials for his Bitpay corporate email account, according to the lawsuit.
"After capturing Mr. Krohn's Bitpay credentials, the hacker used that information to hack into Mr. Krohn's Bitpay email account to fraudulently cause a transfer of bitcoin" valued at $1,850,000, the lawsuit says.

Terry Cerisoles
American Cancer Society
Stephen Fodroczi
All About Developmental Disabilities
Dr. M. Jonathan Mathers

According to court documents, the transfer was a total of 5,000 bitcoins in three separate transactions.
The fraudster got access to Krohn's email, allowing the fraudster to review Krohn's communications "to learn specific details about how Bitpay transacted business," according to the lawsuit. The fraudster then sent emails to Bitpay CEO Stephen Pair purporting to be from Krohn, asking Pair to transfer 1,000 bitcoins to a Bitpay customer's "wallet," which he did.

A short time later the CEO received a second email requesting the transfer of another 1,000 bitcoins, which he did.

The next day, the imposter sent another email to the CEO asking him to send an additional 3000 bitcoins to the customer. The CEO emailed Krohn to confirm the request, and the imposter sent back an email saying the transfer was valid. The CEO then sent the bitcoins.

The scam was apparently discovered because the CEO copied Bitpay's real customer on the final email about the transfer of the 3,000 coins, and the customer then replied back that they did not purchase the bitcoins.

Bitpay tried to get its insurer to cover $950,000 of the loss, but in June the insurer declined to pay. Bitpay is now suing the insurer.