BitPay loses $1.8m in phishing attack

BitPay lost $1.8 million in a phishing attack late last year, according to lawsuit filed by the bitcoin payment processing firm against an insurer it is trying to get to cover some of the losses.

  9 2 comments

BitPay loses $1.8m in phishing attack

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

According to court documents obtained by the Atlanta Business Chronicle, last December BitPay CFO Bryan Krohn received an email from someone purporting to be from a digital currency publication.

However, the sender's email account had been hacked and the email directed Krohn to a site controlled by the hacker where he provided the credentials for his corporate email account.

The crook used the email account to fraudulently transfer 5000 bitcoins worth $1.85 million in three separate transactions.

In a statement, BitPay CEO Stephen Pair says: "This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time."

The company is suing Massachusetts Bay Insurance Company, which has refused to pay out on a policy with a limit of $1 million less BitPay's deductible of $50,000.

Sponsored [Webinar] 2025 Fraud Trends: Synthetic Identity, AI and Incoming Mandates

Related Company

Keywords

Comments: (2)

A Finextra member 

The insurer will pay if the event is a covered loss. If it not explicitly covered it may take some time to interpret the language of the policy where the coverage exists. The insurers first line of defense is to deny coverage unless explicitly covered, whereas in this case a bitcoin processor may not have been understood. Insurance companies are there for that, to provide coverage, and make payments for covered losses. Just the reading of the deductible and the maximum amount leads me to believe this is a general coverage policy. I would like to see the actual policy.

Hitesh Thakkar

Hitesh Thakkar Technology Evangelist (Financial Technology) at SME - Fintech startups (APAC and Africa)

I agree with present stance of Insurance company as this incident had occured as Phishing attack. Bitpay would have informed as part of IT control about dos and don'ts of IT security ( Standard IT security policy guidelines) and iron cladded Firewalls, IDS,HDS etc controlling such attacks apart from IT security awarness.

I wonder Blockchain could have been used as electronic journal which can be used to trace those Three transactions.

[Webinar] Solving the KYC challenge with end-to-end processesFinextra Promoted[Webinar] Solving the KYC challenge with end-to-end processes