BitPay 'hack' loses 5k BTC

[mper...@cryptoconsortium.org]

I just read anecdotes that BitPay lost 5000btc.

From what I hear, Stephen Pair sent 4 transactions to non BitPay addresses as a result of a hacker impersonating internal employees.

CCSS's requirements for validating all cold storage withdrawals seems like it would have prevented such a thing... But without specifics this is just wild speculation on my part.

As a steering committee we should try to gather as many facts as we can about this incident to ensure the CCSS's provisions can prevent such a thing from happening to systems that are compliant.

Can one of you who know Stephen well try to open a line of communication for this purpose?


Sent from my mobile device

[Mike Belshe]

http://media.bizj.us/view/img/7016312/bitpay-2.pdf

Contains details - not quite what you had surmised. 

Mike

--
You received this message because you are subscribed to the Google Groups "CCSS Steering Committee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ccss-steering-com...@googlegroups.com.
To post to this group, send email to ccss-steeri...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ccss-steering-committee/CE97BF59-453A-4534-B998-DA0384374F96%40cryptoconsortium.org.
For more options, visit https://groups.google.com/d/optout.

--

Mike Belshe
408-718-6885

[mper...@cryptoconsortium.org]

It seems like the attacker took control of Bryan Krohn's email account, impersonating him and requested 3 transfers totaling 5000BTC. 

The coins were transferred with inadequate verification. 

CCSS covers that in the Key Usage aspect

Sent from my mobile device