Hacker Cons Virtual Currency Processor Bitpay Out of $1.8M
Financial Services // Web Services // Georgia, United States
Bryan Krohn, the company’s chief financial officer, got an email from someone purporting to be an editor at a digital currency magazine asking Krohn to discuss a bitcoin industry document saved in Google Docs.
Unknown to Krohn or Bitpay, a hacker sent the email after compromising the real editor’s computer.
The fraudulent email directed Krohn to a website controlled by the hacker, where Krohn provided the Google credentials for his Bitpay corporate email account to access the document.
After capturing the credentials, the hacker used them to hack into Krohn's email account and fraudulently prompt transfers of bitcoin valued at $1,850,000.
In Krohn’s email account, the hacker was able to review Krohn's communications to learn details about how Bitpay transacted business. The criminal then sent emails to Bitpay CEO Stephen Pair purporting to be from Krohn, asking Pair to transfer 1,000 bitcoins to a Bitpay customer's wallet.
A short time later the CEO received a second email requesting the transfer of another 1,000 bitcoins.
The next day, the imposter sent another email to the CEO asking him to send an additional 3,000 bitcoins to the customer.
When the CEO emailed Krohn to confirm the request, the imposter sent back an email saying the transfer was valid. The CEO then sent the bitcoins.
The scam was apparently discovered when the CEO copied Bitpay's real customer on the final email about the transfer of the 3,000 coins, and the customer replied that they did not purchase the bitcoins.