A processor of crypto-currency has been the most recent victim in a massive hacking campaign which has seen the company lose 5000 bitcoins, currently valued at over a million pounds.
The scam originated with a series of emails sent to the Atlanta-based company's executive officers. Having hacked the email account of an employee of yBitcoin, a crypto-currency publication, the hackers sent an email to BitPay's CFO, Bryan Krohn, under the guise of the yBitcoin employee. From there, the hackers pointed Krohn to a website which they controlled, where they requested his corporate login details.
This allowed the hackers to make large transactions using Krohn's details. They then used Krohn's account as a launching station from which to attack BitPay's CEO, Stephen Pair. Pretending to be Krohn, the hackers requested the transfer of bitcoins in tranches of 1000 to an individual customer. This happened twice before the hackers requested a transfer of 3000 bitcoins. Pair copied Krohn in on the request, and Krohn then contacted the customer to whom the bitcoins had been transferred, who responded that they had not purchased any.
The 5000 bitcoins that were eventually stolen, currently valued at £150 each, represent a million-pound loss for the crypto-currency broker. BitPay tried to reclaim the massive loss via its insurer, Massachusetts Bay Insurance Company, which rejected the claim earlier this year. The insurer submitted documents to the court, claiming that, “the facts as presented do not support a direct loss since there was not a hacking or unauthorized entry into Bitpay's computer system fraudulently causing a transfer of Money.”
The documents claim that “instead, the computer system of David Bailey, Bitpay's business partner, was compromised resulting in fictitious emails being received by Bitpay. The Policy does not afford coverage for indirect losses caused by a hacking into the computer system of someone other than the insured.”
Kevin Epstein, VP of threat operations at Proofpoint, told SCMagazineUK.com via email that, “From a social engineering standpoint, a phishing email is far more likely to succeed in tricking the recipient into enabling malware or revealing proprietary information if it appears to come from authorised managers, such as this hacker posing as the BitPay CFO, and contains private details, that further appear to legitimise the communication.”
Epstein added that, “Organisations relying on legacy secure email gateway-only protection will be compromised – hence the move by best-in-breed defenders to adopt more modern protection in the form of incremental targeted attack protection and threat response systems.”