17m XRB ‘stolen’ and what this means for the beleaguered cryptocurrency…

Orphan Blocks
HackerNoon.com
Feb 10, 2018

“Bitgrail S.r.l. Informs its users that internal checks revealed unauthorized transactions which led to a 17 million Nano shortfall, an amount forming part of the wallet managed by Bitgrail S.r.l.”

Bad news often comes in threes and supporters of the beleaguered crypto-currency Nano (recently rebranded from RaiBlocks) suffered another fatal blow last night when the BitGrail exchange announced that they had lost 17 million XRB and were halting all trading immediately.

This follows hot on the heels of a price crash from an all-time high of $37.62 and a problem with nodes which was previously blamed on the incompetence of BitGrail and Mercatox (the only exchanges on which Nano was available a few months ago) but turned out to be actual problems in the Nano software.

Weeks of testing users’ patience…

Bitgrail, the Italian cryptocurrency exchange which has been operating since 2015, had been testing the patience of its users in the last few weeks with a series of measures making it increasingly difficult for users to withdraw XRB from the exchange.

Withdrawals were blocked for a while, blamed on software faults. Then later it was announced that the exchange would require all non-EU accounts to be closed and KYC documentation submitted from all other accounts in order to withdraw. Bitgrail was only going to credit the users with BTC instead of XRB, which set alarm bells ringing.

For a while, it was naively suspected that, with Nano hitting Kucoin and shortly afterwards winning a Binance vote to be listed, BitGrail were simply delaying withdrawals knowing a huge chunk of their business would be lost to the larger exchanges.

What’s the current state of play?

  • BitGrail owner Francesco Firano (known as “The Bomber”) announced on Twitter that BitGrail cannot refund all its customers. The BitGrail wallet only has 4 million Nano.
  • Francesco blames the Nano developers for not agreeing to his suggestion to change the ledger and refund all the people that lost their money. He claims that the loss was due to a fault in the Nano software.
  • The Nano developers responded in turn by releasing an official statement, confirming they would not comply with Francesco’s suggestion. They notified law enforcement authorities and released transcripts of their personal chats with Francesco, including this damning statement:

We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.

  • Bitgrail also announced they had called the police, saying this would result in the freezing of assets, something Francesco wanted to avoid.
  • Nano developers state that even if they accepted Francesco’s suggestion of changing the ledger, it wouldn’t be possible to change the history of transactions.
  • Both Binance and Nanex have recently announced that they will freeze deposits from identified addresses in order to try and rescue the stolen funds.

Possible explanations for what happened…

A number of users in the Telegram group mentioned a problem with BitGrail when they made a purchase in December. There were reports that users were exploiting an error in the BitGrail bid matching engine in order to get cheap XRB.

Trading was halted although the chat dialog on the site showed a number of users mentioning how to exploit the hack in order to make their orders get matched on the system. BitGrail responded with this message:

However it seems users were not placated with that answer:

A lot of users are proposing that rather than the money being stolen from the exchange, it was instead the incompetence of BitGrail over a number of months allowing people to withdraw more XRB than they had legitimately bought.

This theory is a more plausible explanation for why Francesco has made XRB withdrawals so much more difficult in the last few weeks. We can try and speculate that some of the following might have happened:

  • Users exploit the flaw in the BitGrail exchange to double and triple spend deposits as well as allow orders to go through way below spot price.
  • BitGrail discovers that they have less XRB in their cold wallet (note: their cold wallet, which should be theoretically harder for hackers to attack!) and panic.
  • BitGrail send funds to Mercatox in order to make back the XRB in a crazy attempt to recover the funds…
  • … but the XRB price crash screws up this plan, leaving them to implement a series of attempts to prevent users from withdrawing. The imminent launches of XRB on Kucoin and Binance make their job a lot tougher.
  • Eventually Francesco approaches the Nano developers in order to strong-arm them into changing the ledger as a last-ditch approach.

The repercussions of this saga

Well firstly and most importantly, a lot of people who purchased Nano on Bitgrail and either left it there due to incompetence or because they were unable to withdraw have lost all their money. Both Nano and the Bitgrail exchange have informed the relevant authorities. There is still 4 million Nano left in the BitGrail wallet so partial refunding of customer balances should be possible once the legal avenues are exhausted.

Meanwhile users on Reddit, 4chan and other communities are creating threads and resources to mobilise the community, trace the lost funds or produce a body of evidence against Francesco for a future court date.

The lost XRB (17 million) is 12.75% of the total Nano supply of 133,248,289.

Is there a fatal flaw in the Nano software? It doesn’t seem like this is the case despite Francesco’s assertions to the contrary.

Does this make a 51% attack on Nano easier to operate? Very few people believe Francesco’s version of events. It’s not possible that all 12% of the supply has been stolen by one user, and there doesn’t seem to be any lack of faith in the community with regards to this issue.

However…

  • Nano definitely recommended BitGrail to users as an exchange on which they could purchase XRB, which users will see as giving the troubled exchange a seal of approval.
  • Nano also supplied their own time and expertise to fix issues and help BitGrail operate their exchange, further cementing the impression given above.
  • Nano will quite rightfully state that they are not responsible for the shoddy code and implementation of BitGrail.

For people who have lost thousands of dollars in the “hack” however, this will mean very little. Right now the anger is directed at Francesco and BitGrail but with legal recourse the only option, Nano could find themselves in the crosshairs of the irate victims.

Everything from their perceived recommendation of BitGrail (which is already cropping up on the official Telegram), to the time and effort they spent fixing issues with BitGrail, to not fixing the node issue quickly enough and delaying the Binance listing, down to their simple refusal to accept Francesco’s suggestion and fix the ledger, will be picked upon by those desperate for their funds to be returned to them.

Nano have a few options. They state the first option (changing the ledger) is not possible from a technology point of view. This option has precedent… the DAO hack forced Ethereum to do a hard fork to recover the funds lost. In last month’s hack of NEM, the exchange stepped in to refund lost money and saved NEM from a similar situation. Even if it was possible, Nano would have to hold firm… buckling under the immense pressure would be an incredible stain on their reputation as a decentralised cryptocurrency.

Tainting the coins at exchange level seems to be an option but most people suggest that the stolen funds have found their way into Bitcoin mixers and Monero and therefore are long gone.

Lastly, they can simply ignore the issue. This is the route the team has seemingly opted for, as evidenced by their official statement laying all the blame at the feet of Francesco and BitGrail. In effect they’re saying “look, this is all BitGrail’s fault and we cannot do anything about it”. It’s the best possible course of action, but of course it’s going to draw anger from a lot of the people supporting and holding their coin who have been affected by this debacle.

Short term the price of Nano has taken another hammering, which is a bittersweet pill for those that invested at the ATH of $30 odd but thankfully haven’t lost all their money whilst doing so.

A lot of internet commentators are suggesting that this is Nano’s “MtGox” or “DAO” moment and that they will weather the storm and eventually be better for it. We agree, and perhaps you might even consider loading up whilst the coin is trading at a discounted price due to this unfortunate saga!


Disclaimer: some of the authors at Orphan Blocks own small quantities of Nano.
