BitGrail Insolvency Update — 2/11/18
Unauthorized Transactions Traced to October 2017
Since learning of BitGrail’s insolvency on February 8, 2018, the Nano Core team has been proactively investigating the matter to try to understand the timeline, accounts involved and where the missing funds went.
BitGrail ceased communication with the Nano team following the February 9th posting of the official statement.
Due to a server migration on January 19, 2018, any transaction that was missing a date was updated with the date and time of the migration, which we believe explains the January 19, 2018 dates on several transactions.
Because we are looking at a blockchain, the order of the transactions is correct. Therefore, if we can date one or more transactions using data from outside the block explorer, we can infer when undated transactions happened relative to the dated transaction(s).
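The inference described above, sketched as an added example (not the Nano team's code): ledger order plus a few externally dated entries gives each undated entry a not-before and not-after bound. The function names, block ids and sample timestamps are constructed, and it assumes any explorer date falling on January 19, 2018 is a migration placeholder.

```python
from datetime import datetime, timezone

# Date the page gives for the explorer migration; undated entries got this date.
MIGRATION_DAY = datetime(2018, 1, 19, tzinfo=timezone.utc).date()

def trusted_ts(block_id, explorer_ts, external):
    """Prefer an out-of-band timestamp; distrust explorer dates on migration day."""
    if block_id in external:
        return external[block_id]
    if explorer_ts is None:
        return None
    day = datetime.fromtimestamp(explorer_ts, tz=timezone.utc).date()
    return None if day == MIGRATION_DAY else explorer_ts

def bracket(chain, external):
    """chain: [(block_id, explorer_ts)] in ledger order, oldest first.
    Returns {block_id: (not_before, not_after)}; None means unbounded."""
    known = [trusted_ts(b, ts, external) for b, ts in chain]
    dated = [t for t in known if t is not None]
    if dated != sorted(dated):
        raise ValueError("dated entries contradict ledger order")
    lower, floor = [], None
    for t in known:                      # forward pass: latest earlier date
        floor = t if t is not None else floor
        lower.append(floor)
    upper, ceil = [], None
    for t in reversed(known):            # backward pass: earliest later date
        ceil = t if t is not None else ceil
        upper.append(ceil)
    upper.reverse()
    return {b: (lo, hi) for (b, _), lo, hi in zip(chain, lower, upper)}

def utc(*parts):
    return int(datetime(*parts, tzinfo=timezone.utc).timestamp())

# Constructed sample, not data from the BitGrail dump.
MIG = utc(2018, 1, 19, 12, 0)            # assumed placeholder time of day
SAMPLE_CHAIN = [("w1", MIG), ("w2", MIG), ("w3", MIG), ("w4", MIG),
                ("w5", utc(2018, 2, 1))]
SAMPLE_EXTERNAL = {"w2": utc(2017, 10, 19, 8, 0), "w4": utc(2017, 10, 23, 1, 22)}

if __name__ == "__main__":
    for bid, (lo, hi) in bracket(SAMPLE_CHAIN, SAMPLE_EXTERNAL).items():
        show = lambda t: "?" if t is None else datetime.fromtimestamp(t, tz=timezone.utc).isoformat()
        print(bid, show(lo), show(hi))
```

An entry with no dated predecessor (here `w1`) gets only an upper bound, which is why the earliest withdrawals in a chain can be dated only as "no later than" the first externally timestamped one.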
While the Core team is still waiting on additional information from BitGrail regarding the lost funds, we have been notified of one account that allegedly received “unauthorized transactions.”
https://raiblocks.net/account/index.php?acc=xrb_1fioob7u6ia76rfo1medtrwwdobey1ua8qe7z55qyjimir5b9d95hkdabbjn (account 1, referred to as ‘bbjn’ from this point), which was cited by Firano in the Telegram text conversation from the original BitGrail Insolvency announcement, withdrew 9.84M Nano, worth around $1 million at the time.
We’ve identified a second account with a similar behavior pattern as ‘bbjn’, but without more information, we don’t feel comfortable publicly citing the wallet address. We are waiting for BitGrail to release all of the wallet addresses associated with the lost funds, which is necessary to potentially have other exchanges freeze stolen funds.
In the conversation dated February 8, 2018, Firano provided a SQL dump of over 100 transactions for the account ending in ‘bbjn’. The file included BitGrail’s internal time-stamps for these withdrawals. From the Unix time-stamps, we can, with sufficient confidence, date some of the transactions. They occurred between October 19–23, 2017. Dates noted in that file are for transactions greater than 100,000 XRB.
Specifically, this transaction for a withdrawal of 1,000,000 XRB occurred on October 23, 2017, at 1:22 AM, GMT, according to BitGrail’s database time-stamp data. You can see from the Explorer data that there were significant funds withdrawn before and after this transaction to account ‘bbjn’.
Firano categorized this transaction on Twitter and in our Telegram chat as “unauthorized.”
As a recent example of following the money: this wallet sends 350,000 XRB to an account, which sends 499,999 XRB to another account, which then makes 6 transactions sending the funds into BitGrail or Mercatox in an alternating pattern.
In conclusion, using the time-stamps from the BitGrail database, a portion of the withdrawals from the account ending in ‘bbjn’, cited by Firano as “unauthorized,” can be dated to October 19–23, 2017, with many of the funds making their way back to BitGrail or Mercatox.
It is still unclear what other wallet addresses may have participated in this and we are awaiting more information from BitGrail.
We would like to sincerely thank everyone who has helped resurface old articles and data points that may be relevant to the alleged hacking. The details have been passed directly to law enforcement and we will continue to investigate this situation.
The Nano Core Team
Relevant dates: (an incomplete list)
10/15/17 — Nano (then RaiBlocks) Faucet closes
10/18–10/26 — Average daily trading volume in USD on BitGrail from 10/18–10/26 is about $199,110 USD. Average daily price in that time frame was around $0.11 USD.
10/19–10/23 — Dates cited above that ‘bbjn’ account withdrew large amounts from BitGrail.
12/30 — Markets under maintenance — BitGrail
1/5/18 — KuCoin trading opened, the largest exchange to date after BitGrail and Mercatox
1/8/18 — BitGrail Nano (then XRB) withdrawals “under maintenance”
1/12/18 — First mention of mandatory KYC verification to withdraw Nano to your personal wallet
1/25/18 — Firano leaves BitGrail/Nano joint Telegram channel where we provided technical support when he or his team had questions
1/31/18 — RaiBlocks rebrands to Nano
2/1/18 — OkEx begins trading Nano
2/2/18 — Binance begins trading Nano
2/8/18 — Firano informs Nano team of BitGrail insolvency
2/9/18 — BitGrail publicly acknowledges insolvency via blog post on their website. Nano posts Medium article with further information.
- BitGrail Reps Exploration — Google Sheets
- Tweets from Firano, Oct 2017 to present TwitterBomber.html
- Tweets from BitGrail, Oct 2017 to present BitgrailTwitterTimeline.zip
- A copy of the Nano (then RaiBlocks) blockchain dated December 28, 2017 data.ldb.zip — Google Drive
- BitGrail SQL Entries for Withdrawals for account ending in ‘bbjn’