BitPay lost $1.8 million in a phishing attack late last year, according to lawsuit filed by the bitcoin payment processing firm against an insurer it is trying to get to cover some of the losses.
According to court documents obtained by the Atlanta Business Chronicle, last December BitPay CFO Bryan Krohn received an email from someone purporting to be from a digital currency publication.
However, the sender's email account had been hacked and the email directed Krohn to a site controlled by the hacker where he provided the credentials for his corporate email account.
The crook used the email account to fraudulently transfer 5000 bitcoins worth $1.85 million in three separate transactions. In a statement, BitPay CEO Stephen Pair says: "This was an isolated incident, and none of BitPay’s customers, affiliates or merchants lost any funds. The only victim of the theft was BitPay. All merchant funds were secure, and there were no disruptions to BitPay’s payment services at any time."
The company is suing Massachusetts Bay Insurance Company, which has refused to pay out on a policy with a limit of $1 million less BitPay's deductible of $50,000.
If CFO Bryan Krohn would have been effectively security awareness trained, this would not have happened. Don't be that guy. Find out how affordable this is for your organization.
Hat Tip to FinExtra.