
Crypto exchange BitGrail and token developer Nano at odds over alleged coin theft

Italian cryptocurrency exchange BitGrail is feuding with the developers of Nano virtual tokens, with both sides pointing fingers after BitGrail issued an announcement claiming a malicious actor stole 17 million Nano coins from the exchange.

A Feb. 9 online statement from BitGrail states that it has suspended all withdrawals and deposits, following a series of unauthorized transactions that resulted in the loss, which as of Feb. 12 equates to roughly $161.5 million. Other cryptocurrencies traded via BitGrail were not stolen in the incident, the exchange also noted.

On the same date, the Nano Core Team went on the offensive, releasing a post on Medium claiming they found no evidence of double spending activity on the ledger, and denying that a flaw in its protocols was responsible for the incident.

Rather, the post intimates wrongdoings by BitGrail and its founder Francesco “The Bomber” Firano, stating: “We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.” Such commentary appears to hint at a possible exit scam on the part of BitGrail, whose financial viability has reportedly come into question following a series of problems experienced by its users, including a lengthy identity verification process that has prevented some people from actively trading.

Nano's post also includes a link to a private chat between the Nano team and Firano, in which Firano asked Nano to alter or “fork” the ledger in order to recoup the stolen funds – a request Nano turned down. However, such a move isn't without precedent – as one tweet from the cryptocurrency community reportedly noted, Ethereum's blockchain was hard forked to return money to affected investors after the digital decentralized autonomous organization DAO was hacked in 2016.

In that same posted conversation, Firano alleges that the theft stemmed from a Nano (aka xrb) bug that caused the node to crash, allowing attackers to force the system “to get double payments for which we have no trace of time due to another bug in xrb.” On the other hand, members of the Nano team question Firano as to why he didn't notice sooner that the exchange had been leaking funds for weeks.

Firano further attacked Nano on Twitter, posting: “The #Nano team didn't seem that interested in helping and finding a clear solution or exact answer of what has happened. Almost if their attitude was that it isn't their problem and they are washing their hands.”

A second Nano blog post, published yesterday, updates the developer's own investigation, citing a suspicious account that posted more than 100 transactions -- at least some between Oct. 19-23, 2017. In the post, Nano says that Firano provided the details of these transactions via a SQL dump, and that the party behind these transactions was found to move hundreds of thousands of xrb coins between accounts, in some cases sending them back into BitGrail, and in other cases transferring them to fellow exchange Mercatox.

The Nano Core Team also reports that they identified a second account with similarly suspicious behavior. However, "We are waiting for BitGrail to release all of the wallet addresses associated with the lost funds, which is necessary to potentially have other exchanges freeze stolen funds," the developers state.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects, often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
