BitPay 1.8M Hack From December Was Accomplished Through Social Engineering: BizJournal
ChangeTip Adds VISA and MasterCard Support: ChangeTip Blog
Bitcoin Payroll Company PEY Gets 300,000 Euros In Funding: CoinDesk
Original Photo by Dafne Cholet: Flickr
The BitPay story is baffling. It is important to note that they managed to take that loss on the chin without letting it affect their customers and merchants, something they pointed out in their response. Nevertheless, the story that is now coming out, thanks to the discovery process that BitPay itself initiated by taking the insurance company to court, seems extremely damaging to BitPay’s reputation. The social engineering hack wasn’t complex. Once the hacker had access to one person’s PC ( the CEO’s) he was able to convince BitPay employees to transfer him $1.8M worth of Bitcoin. Social engineering hacks have been in the news for the past few years, I expect out of touch companies that have been around for decades to fall for these tricks, but one of the pillars of a bleeding edge technology like Bitcoin? I can’t help but wonder if these guys have read a security blog in the past five years.
That BitPay initiated this whole thing is what makes this story shocking on a deeper level. I have to imagine the PR hit they took today dwarfs any settlement they could have gotten in the lawsuit. Did they think no one would notice? Did they think it wasn’t a big deal? Bitcoin companies and banks have a similarity in that reputation and trust are the most critical aspects of their business.
People only hand over their money to a bank when they trust it, and BitPay can say whatever it wants about the theft only affecting BitPay’s profits and how they didn’t lose any customer funds, but if everyone sees a guy walk out of a bank with two bags full of cash because he asked for it, no one is going to put their money in that bank. It doesn’t matter that he didn’t get to the inner vault, people are going to go down the street, to the bank that locks up all of their money.
The ChangeTip news is unexpected. I knew they were looking for ways to make it easier for non-Bitcoin users to use, but that is what I thought the Gyft integration was for. I predict they will get a lot of heat for this move, but considering the numbers they put out on Reddit, it is hard to blame them. Their survey indicated 76% of respondents wouldn’t use ChangeTip because it uses Bitcoin. Bitcoin simply scares the general public. The quicker we accept that, the quicker we can start working on solutions. If that means some hybrid system is created, then fine. Not everyone has to use it. AOL and Compuserve did a lot to bring people online. Neither embraced the spirit of openness that drove the internet forward, and that eventually led to their demise, but both served their purpose when they were around.
Will denominating it in dollars and making a somewhat convoluted dual pocket system make people completely who are unaware of ChangeTip and/or Bitcoin more likely to accept it? I have heard public figures, even ones friendly to bitcoin like Joe Rogan, [38:00] say that they mistook it for some sort of spam. I don’t know if this fixes that problem, but I don’t blame them for trying.