Was my BitPay hacked?

**Sam Odom** · 01-14-20, 09:25 AM

Not sure...

Sounds bad tho

**stevenash** · 01-14-20, 09:32 AM

I’ve never trusted Bitcoin

**JonnySavage** · 01-14-20, 09:57 AM

Never had an issue - this sucks.

**gauchojake** · 01-14-20, 10:05 AM

Thanks for the payout pal!

**Sam Odom** · 01-14-20, 11:38 AM

Just checked BP wallet & DC

all is good

Not a widespread 'problem'

**JonnySavage** · 01-14-20, 11:53 AM

Wherever it was sent has used the same address since November 2018. Guessing they would have needed to hack my phone to get the key then install the app and use my key on another device? Even so, how would they suddenly realize there is money in the BP account?

**Sam Odom** · 01-14-20, 11:55 AM

If they have control of that addy (Nov '18 one) they do not need your Key or PW

**JonnySavage** · 01-14-20, 11:58 AM

Not sure what you mean. I looked up the address where the funds were sent, which has received transactions dating back to November 18.

I created a new address in BP, withdrawal from Bovada, received by the address I created.

Then 10 minutes later, there is a sent transaction to the Nov 18' address....controlled by someone else.

How would they access my BP wallet without Key or PW?

**Sam Odom** · 01-14-20, 12:05 PM

Dont know about your last question...

But what Sammy said post #8 still stands true

Assuming everything you have stated is true... 'They' have control of the addy your BTC went to. They now can do with the btc as they want. They need nothing from you

**jjgold** · 01-14-20, 12:18 PM

Bitcoin not a perfect science

Easily can be hacked unless strict security on your account

This is not a bank like Wells Fargo, no regulation

**JonnySavage** · 01-14-20, 12:20 PM

Of course....once they have it, they have it. My question is: how did they get it? I remember being told to write down some key when I first installed BitPay. Yet, it seems available on the app, even though I seem to remember BP saying to write it down or store it as it can never be recovered for security purposes. Trying to figure out where I was vulnerable. A couple years back Bovada claims that SOMEONE was attempting to use my card on their site. They locked my account for a bit stating another account (on Bovada) was trying to use the same card to deposit. There were no other fraud attempts on the card, so I found it strange that whoever had my card info would ONLY try and use it to deposit at Bovada.

I like the BP card as its easy and convenient. Obviously can't use them after this but just wondering if anyone with more crypto knowledge can make sense of any of it. There was no e-mail or notification that I signed in from another device. Its as if my phone was used to send a transaction by a ghost.

**Sam Odom** · 01-14-20, 12:24 PM

Originally posted by jjgold

Easily can be hacked unless strict security on your account

Not "easily"

Not "strict security" just common sense ones

Sammy has had BTC in a Core wallet since the beginning. Which is a long time.

Never had a hack problem... Update regularly

**JonnySavage** · 01-14-20, 01:15 PM

BitPay gave me the generic response that I either sent it accidentally (in my sleep) or someone used my device and I should protect my device (which is already protected by fingerprint scanner).

Have scanned phone with multiple programs nothing detected. The funds are gone just wish I had some sort of explanation.

**byronbb** · 01-14-20, 02:37 PM

Seems weird. I mean from what I can discern they would need to have access to your phone with pin for BitPay app and everything. Truly terrifying. Dump bitpay forever and even consider getting a new SIM. Check google account access logs etc. Googling around I see other people claiming the same issue. Funds moved as if people had access to their phone etc.

**JonnySavage** · 01-14-20, 03:42 PM

I changed my Google password before checking for devices logged-in. When going to "Details" in GMAIL and checking the recent activity log, many are an 'Authorized Application' with an IP in Netherlands. Not sure if that is a mail app or something legit, or not. Even if my Google account was compromised, how does that translate into access to my BitPay wallet which, supposedly, is only accessible on my phone?

The address it was sent to is: 13k4rgQ6b9LdBt6pvgLR5MSV6wAhujFpgq

The step-by-step would have to be: Access Google accounts, wait for incoming Bitpay payment notification (Gmail), log in to that BitPay remotely, transfer the funds out to the address above. Is that logical?