Strange Twists And Turns Of Nano And BitGrail Since The $150 Mln Hack

Published at: April 18, 2018

While hacks and thefts from cryptocurrency exchanges are nothing new, there have been some notable cases, as well as some smaller and less publicised ones. However, it is not always the eye-watering figures that are stolen that draw headlines - sometimes it is the saga that unfolds after the theft.

This has been the case of the Feb. 8 hack of Italian exchange, BitGrail. The story started to pick up attention as Nano, which was what RailBlocks was rebranded to in January, were drawn into the ruckus with fingers being pointed at their Blockchain protocol.

In the end, $150 mln worth of Nano was stolen, and given all the finger pointing, it is still unclear where the fault lies. Was it simply poor security from BitGrail, or, as they have vehemently said, was it an issue with Nano’s Blockchain?

There are accusations of conflicting timestamps, evidence of an unsecure hot wallet, and through it all, both companies have had full goes at one another.

The latest development in the ongoing saga is that BitGrail will refund the missing Nano but with the caveat being that no one is allowed to sue them. It is an interesting turn of events that still seems to point to the fact that both companies are steadfastly refusing to take blame.

Suspicion arises

On Feb. 8, BitGrail claimed that it was hacked with different figures being reported; from $150 mln to $195 mln. the hackers claimed Nano coins as their prize, and up until that time, Nano, which is currently 29th in terms of market cap, at $851,357, was one of their biggest coins.

The hack was reported by BitGrail founder Francesco Firano, but suspicion soon increased. Evidence emerged that Firano had asked the developers of Nano to change the coin’s ledger. This of course raised many eyebrows as the immutability of transaction records is one of the core features of cryptocurrencies and should not be possible.

The people who leaked the evidence of Firano’s request? It was the Nano Core team.

“...Firano informed us of missing funds from BitGrail’s wallet. An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue” Nano wrote in a Medium post.

A battle of words

This sparked a battle between the Nano dev team, who were now in the spotlight for apparently having the ability to alter a cryptocurrency ledger, and Firano, who was the one who requested this to happen - both sides impacting their reputation and calling into question who was to blame for the actual hack.

Firano hit back in a tweet, stating the accusations made by Nano were ‘unfounded’:

In the wake of the unfounded accusations made against me by the dev team and of the dissemination of private conversations that compromise police investigations, Bitgrail s.r.l. is forced to contact the police in order to protect its rights and users

— Francesco The Bomber (@bomberfrancy) February 10, 2018

The response was likely triggered by a parting shot in the Nano Medium post which said:

“We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time”.

In the post Nano also made it clear that they do not believe the hack had anything to do with their protocol.

Fighting back

Firano managed to get his side of things out in an exclusive interview with Cointelegraph. The exchange owner admitted that he had been receiving death threats from the community, and again reiterated that the allegations made by Nano were “baseless and malicious.’

Avviso importante Tutti quelli che mi minacciano di morte, potrebbero farlo ordinatamente sotto a questo tweet? Inizia a diventare stancante cercare in tutti i miei post.

— Francesco The Bomber (@bomberfrancy) February 11, 2018

“All those who threaten me with death, could they do it neatly under this tweet? It starts to get tiresome looking in all my posts”

Francesco The Bomber (@bomberfrancy) 11 February, 2018.

In the interview, Firano stated that it would be impossible to refund the stolen amount, pointing towards the suggestion that was revealed in their chats of forking the burned transactions to refund users.

Firano also adds that the issue stems from from the timestamp technology of Nano and that the block explorer of the cryptocurrency is not reliable.

Now, Bitgrail and Firano have laid blame at Nano’s feet for the theft because of an issue with their protocol - something they denied a few times being an issue. The back and forth continued as Troy Retzer, one of the Nano Core Team that oversees community and public relations, also spoke to Cointelegraph.

Nano’s defence

Responding to the claims made by Firano, Retzer explained that the timestamps that were supposedly missing according to Firano, could not be as it was explained.

The Nano Blockchain network conducted a re-synchronization of its nodes, providing every block or transaction missing before Jan. 19 with a timestamp recorded at the time. This meant that all transactions or blocks were recorded accurately, with a timestamp on that date.

Firano persisted with this fact, releasing a number of Telegram conversations in which he claimed that transactions before Jan. 19 are missing on the block explorer of the Nano network. Firano also asserted that transactions were somehow removed and reinserted in a later date. However, this is not possible unless the entire Blockchain is compromised.

Time to make reparations

With no party taking any full responsibility for the hack, and the funds now gone leaving users fuming, the whole saga continued by disgruntled users who headed to the courtrooms. On April 5, a new class action lawsuit had been filed in the US on behalf of investors.

It got to a point where Nano stated that they would even help pay the legal bills of those who sought to take on BitGrail in court.

The Nano Foundation announced it will sponsor a legal fund to provide all victims of the hack with equal access to representation to pursue their legal interests associated with BitGrail’s insolvency.

The pressure of lawsuits seems to have broken BitGrail’s resolve somewhat, as on March 16, BitGrail announced that there were plans to refund their users, but only if those users eased off on the courtroom antics.

In a press release on its website, Bitgrail said that, “the use of the platform for the victims of the theft will be bound by the signature of a settlement agreement. The latter will be characterised by an expressed renouncement from the users to every type of legal action, and will have to be formalized through the compilation of a form.”

Bitgrail intends to pay back its users by creating a token, Bitgrail Shares (BGS). The users who were affected by the theft were refunded 20 percent of their lost amount in XRB, with the remaining 80 percent to be covered by BGS.

They also reiterated that they are not taking the responsibility for the hack, still pointing in the direction of Nano and its alleged protocol problems.

“BitGrail S.r.l intends to stress having been subject to theft, a crime made possible by taking advantage of faults in the team NANO's softwares and therefore, for these reasons and in accordance with the law, it is not in any way responsible for the situation.”

Sticky situation

The battle between BitGrain and Nano has been an ugly one. It has been hard on both the exchange, and on the currency, but mostly it is those who were the victims of the theft that suffered the most.

It all began quite well for the two sides, but their breakdown ended up costing a lot of people a lot of money, regardless of where the blame lies.

Zack Shapiro, one of the Core team for Nano, tweeted on Jan. 12 that the funds were perfectly safe on BitGrail, despite the concerns of frozen funds almost a month before the hack.

Funds are safe on Bitgrail. It's an issue with the node which we're working hard to fix. Again, funds are safe

— Zack Shapiro (@ZackShapiro) January 12, 2018

The mystery of who was really at fault will probably remain, with both sides dogged in their defence and lack of culpability. However, if BitGrail are to be believed, and reparations are going to be made then at least there appears to be an ending in sight.

Tags
Related Posts
Bitgrail's founder contributed to $150M loss, Italian authorities allege
Italian authorities have found Bitgrail’s founder responsible for fraudulent activity related to the 2018 hack of the platform that resulte in the loss of $150 million. Francesco Firano, the sole director of now-defunct cryptocurrency exchange Bitgrail, is accused of taking over customer funds prior to reporting the theft of crypto from the exchange. According to a Dec. 21 announcement by the Postal and Communications Police — a cybercrime unit of the State Police of Italy — Firano kept the platform intact for months despite having identified a major security breach involving Nano cryptocurrency: “In keeping the platform open, despite having …
Bitcoin / Dec. 21, 2020
Hacked Italian Exchange Altsbit to Shut Down in May 2020
Altsbit, a small cryptocurrency exchange that lost “almost all funds” in hack on Feb. 5, will shut down its services in May 2020. After Altsbit first reported on the hack on Twitter on Feb. 6, the exchange released withdrawal instructions on Feb. 9. According to the statement, the hack caused Altsbit to have lost 6.929 Bitcoin (BTC) and 23 Ether (ETH), among losses in other cryptocurrencies such as Pirate Chain (ARRR), VerusCoin (VRSC) and and Komodo (KMD). Users to be refunded from crypto in cold storage Despite a significant part of Altsbit’s crypto funds being stored on cold storage, the …
Bitcoin / Feb. 10, 2020
Cellebrite Launches Crypto Tracer Solution to Track Illicit Transactions
Digital intelligence firm Cellebrite has launched its “Cellebrite Crypto Tracer” solution. The new offering is powered by CipherTrace and aims to trace illicit cryptocurrencies involved in money laundering, terrorism, drugs, human trafficking, weapon sales and ransomware schemes. The suite of tools will be available to investigators, analysts and non-technical agents who want to lawfully obtain evidence and trace criminals who use cryptos like Bitcoin (BTC) through the darknet. Citing figures from an Oxford University study, Cellebrite states that an estimated $76 billion worth of illegal activities involve Bitcoin. Curating millions of information references to trace transactions The Cellebrite Crypto Tracer …
Technology / July 28, 2020
Bithumb Announces External Audit Results in Wake of $13 Million Hack
South Korean cryptocurrency exchange Bithumb has conducted a professional external audit of its funds after a major hack last month, the company confirmed in a statement on April 11. Bithumb, South Korea’s largest exchange, lost around 14 billion won ($13 million) two weeks ago in an event executives believe was masterminded by an insider. Now, Bithumb has used a third party to assess its reserves, repeating its previous assurances that customer funds remained safe in cold storage wallets. The 14 billion of hacked EOS (EOS) tokens, a previous statement said, represented company-only funds. All remaining funds in its hot wallet …
Bitcoin / April 11, 2019
Ukrainian Man Faces up to 6 Years in Jail for Cryptojacking on His Own Websites
Ukraine’s Cyber Police have arrested a man who allegedly placed crypto mining malware scripts on his own websites, local law enforcement reported on March 26. The cyber crime unit of the national police of Ukraine arrested a 32-year-old man from the Bukovina region who allegedly placed cryptojacking software on a number of educational websites that he created and administered. The unspecified websites and internet resources had 1.5 million monthly visitors, the police reported. The police also stated that the installed malware on the websites was deploying visitors’ devices’ CPU and GPU power to illegally mine cryptocurrencies. The authority has conducted …
Bitcoin / March 27, 2019