Strange Twists And Turns Of Nano And BitGrail Since The $150 Mln Hack
While hacks and thefts from cryptocurrency exchanges are nothing new, there have been some notable cases, as well as some smaller and less publicised ones. However, it is not always the eye-watering figures that are stolen that draw headlines - sometimes it is the saga that unfolds after the theft.
This has been the case of the Feb. 8 hack of Italian exchange, BitGrail. The story started to pick up attention as Nano, which was what RailBlocks was rebranded to in January, were drawn into the ruckus with fingers being pointed at their Blockchain protocol.
In the end, $150 mln worth of Nano was stolen, and given all the finger pointing, it is still unclear where the fault lies. Was it simply poor security from BitGrail, or, as they have vehemently said, was it an issue with Nano’s Blockchain?
There are accusations of conflicting timestamps, evidence of an unsecure hot wallet, and through it all, both companies have had full goes at one another.
The latest development in the ongoing saga is that BitGrail will refund the missing Nano but with the caveat being that no one is allowed to sue them. It is an interesting turn of events that still seems to point to the fact that both companies are steadfastly refusing to take blame.
Suspicion arises
On Feb. 8, BitGrail claimed that it was hacked with different figures being reported; from $150 mln to $195 mln. the hackers claimed Nano coins as their prize, and up until that time, Nano, which is currently 29th in terms of market cap, at $851,357, was one of their biggest coins.
The hack was reported by BitGrail founder Francesco Firano, but suspicion soon increased. Evidence emerged that Firano had asked the developers of Nano to change the coin’s ledger. This of course raised many eyebrows as the immutability of transaction records is one of the core features of cryptocurrencies and should not be possible.
The people who leaked the evidence of Firano’s request? It was the Nano Core team.
“...Firano informed us of missing funds from BitGrail’s wallet. An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue” Nano wrote in a Medium post.
A battle of words
This sparked a battle between the Nano dev team, who were now in the spotlight for apparently having the ability to alter a cryptocurrency ledger, and Firano, who was the one who requested this to happen - both sides impacting their reputation and calling into question who was to blame for the actual hack.
Firano hit back in a tweet, stating the accusations made by Nano were ‘unfounded’:
In the wake of the unfounded accusations made against me by the dev team and of the dissemination of private conversations that compromise police investigations, Bitgrail s.r.l. is forced to contact the police in order to protect its rights and users
— Francesco The Bomber (@bomberfrancy) February 10, 2018The response was likely triggered by a parting shot in the Nano Medium post which said:
“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time”.
In the post Nano also made it clear that they do not believe the hack had anything to do with their protocol.
Fighting back
Firano managed to get his side of things out in an exclusive interview with Cointelegraph. The exchange owner admitted that he had been receiving death threats from the community, and again reiterated that the allegations made by Nano were “baseless and malicious.’
Avviso importante Tutti quelli che mi minacciano di morte, potrebbero farlo ordinatamente sotto a questo tweet? Inizia a diventare stancante cercare in tutti i miei post.
— Francesco The Bomber (@bomberfrancy) February 11, 2018“All those who threaten me with death, could they do it neatly under this tweet? It starts to get tiresome looking in all my posts”
Francesco The Bomber (@bomberfrancy) 11 February, 2018.
In the interview, Firano stated that it would be impossible to refund the stolen amount, pointing towards the suggestion that was revealed in their chats of forking the burned transactions to refund users.
Firano also adds that the issue stems from from the timestamp technology of Nano and that the block explorer of the cryptocurrency is not reliable.
Now, Bitgrail and Firano have laid blame at Nano’s feet for the theft because of an issue with their protocol - something they denied a few times being an issue. The back and forth continued as Troy Retzer, one of the Nano Core Team that oversees community and public relations, also spoke to Cointelegraph.
Nano’s defence
Responding to the claims made by Firano, Retzer explained that the timestamps that were supposedly missing according to Firano, could not be as it was explained.
The Nano Blockchain network conducted a re-synchronization of its nodes, providing every block or transaction missing before Jan. 19 with a timestamp recorded at the time. This meant that all transactions or blocks were recorded accurately, with a timestamp on that date.
Firano persisted with this fact, releasing a number of Telegram conversations in which he claimed that transactions before Jan. 19 are missing on the block explorer of the Nano network. Firano also asserted that transactions were somehow removed and reinserted in a later date. However, this is not possible unless the entire Blockchain is compromised.
Time to make reparations
With no party taking any full responsibility for the hack, and the funds now gone leaving users fuming, the whole saga continued by disgruntled users who headed to the courtrooms. On April 5, a new class action lawsuit had been filed in the US on behalf of investors.
It got to a point where Nano stated that they would even help pay the legal bills of those who sought to take on BitGrail in court.
The Nano Foundation announced it will sponsor a legal fund to provide all victims of the hack with equal access to representation to pursue their legal interests associated with BitGrail’s insolvency.
The pressure of lawsuits seems to have broken BitGrail’s resolve somewhat, as on March 16, BitGrail announced that there were plans to refund their users, but only if those users eased off on the courtroom antics.
In a press release on its website, Bitgrail said that, “the use of the platform for the victims of the theft will be bound by the signature of a settlement agreement. The latter will be characterised by an expressed renouncement from the users to every type of legal action, and will have to be formalized through the compilation of a form.”
Bitgrail intends to pay back its users by creating a token, Bitgrail Shares (BGS). The users who were affected by the theft were refunded 20 percent of their lost amount in XRB, with the remaining 80 percent to be covered by BGS.
They also reiterated that they are not taking the responsibility for the hack, still pointing in the direction of Nano and its alleged protocol problems.
“BitGrail S.r.l intends to stress having been subject to theft, a crime made possible by taking advantage of faults in the team NANO's softwares and therefore, for these reasons and in accordance with the law, it is not in any way responsible for the situation.”
Sticky situation
The battle between BitGrain and Nano has been an ugly one. It has been hard on both the exchange, and on the currency, but mostly it is those who were the victims of the theft that suffered the most.
It all began quite well for the two sides, but their breakdown ended up costing a lot of people a lot of money, regardless of where the blame lies.
Zack Shapiro, one of the Core team for Nano, tweeted on Jan. 12 that the funds were perfectly safe on BitGrail, despite the concerns of frozen funds almost a month before the hack.
Funds are safe on Bitgrail. It's an issue with the node which we're working hard to fix. Again, funds are safe
— Zack Shapiro (@ZackShapiro) January 12, 2018The mystery of who was really at fault will probably remain, with both sides dogged in their defence and lack of culpability. However, if BitGrail are to be believed, and reparations are going to be made then at least there appears to be an ending in sight.