When I hear about scams and frauds throughout the crypto industry, I cringed in my seat.
1. Bitpay lost 5000 bitcoins (USD 1.8 million) last December 2014 (source) when fraudsters obtained email credentials for BitPay CFO Bryan Krohn. Despite having their bitcoins in a multi-signature wallet, CEO Stephen Pair and executive chairman Tony Gallippi proceeded to send out the coins to the bitcoin address held by the fraudsters. From the details below, Bryan Krohn entered his company email username and password on a phishing site that looked like Google Docs and did not activate 2FA (two factor authentication).
A timeline included in Massachusetts Bay’s initial denial letter goes into further detail.
“Immediately after clicking on the Google doc link, Mr Krohn enters his authenticating information as prompted in order to access the purported Google docs and receives an error message,” the letter states. “[Krohn] believes his private information was stolen at that time and that his response provided access to his email to the fraudster.”
A key detail included in the emails was now accessible to the fraudster: the fact that BitPay did not require SecondMarket to advance pay for bitcoins it received from the company.
2. A Malaysia based user on our private group also lost bitcoins this month (Sept) and it totaled 25.5 bitcoins (about MYR 25500). He had traded in his old phone for a new phone and we believed that the shop owner or the new owner of his old phone had access to his emails. With that access in hand, the hacker proceeded to reset the passwords on various bitcoin wallets and transferred out the bitcoins.
3. It would seem that all this incidents could have been prevented if the users followed ISO standards and Standard operating procedures (SOP). We provide safe storage management and customized training modules on crypto currencies. For further details, contact Colbert Low at firstname.lastname@example.org or user @colbertlow (on telegram app) or WhatsApp at +60123038472.