Bitpay filed a lawsuit against its insurance company, Massachusetts Bay Insurance Company (MBIC), on September 15th for denying a claim made late last year regarding reportedly stolen Bitcoin funds from Bitpay's account. Bitpay is alleging breach of contract and seeking a $950,000 insurance claim in addition to damages against MBIC.
Bitpay allegedly was victim to a hacking attack in December 2014, when $1.8 million of bitcoin were stolen during a phishing attack involving CFO Bryan Krohn and CEO Stephen Pair. The timeline of the hack was posted on Reddit. It isn't confirmed whether the stolen funds were the result of a hacking attack or internal embezzlement.
The hacked email account of Bitpay customer David Bailey was used to send a phishing email to CFO Krohn and steal his email account information. With Krohn's hacked account, several emails were sent to CEO Pair for the authorization of withdrawals in the amounts of 3000 BTC, 1000 BTC, and 1000 BTC.
Pair executed and authorized the transfer of the funds to an unknown address which likely belonged to the hacker. Bitpay has come under fire for such insufficient security measures, where an executive's email is apparently enough of a confirmation for the transfer of nearly $2 million.
Bitpay filed a claim for the lost funds days after the breach, which were denied in a June 8th letter from MBIC. Pair posted on Bitpay's blog confirming the suit against MBIC, but didn't go into further detail of the lawsuit or the hacking attack.