Cryptocurrency exchange BitGrail announces that $170 million worth of Nano was stolen

Suspicion is growing around Italian cryptocurrency exchange BitGrail after its owner seemingly asked for a coin's ledger to be changed after the exchange reported funds were missing Thursday, Feb 8

Mike Richardson
Read +
Follow Us

$170 million worth of Nano, formerly known as RaiBlocks, were stolen from BitGrail, a cryptocurrency exchange based in Italy, merely two weeks after Coincheck experienced the largest cryptocurrency hacking attack in history.

BitGrail made the announcement on its website and said that it had lost about $170 million due to fraudulent transactions. It has already notified the authorities, who are investigating the matter. In addition, the exchange has placed a hold on all transactions in order to verify their authenticity.

In a conversation with Nano developers (leaked by the developers), BitGrail’s owner, Francesco Firano (also known as “The Bomber”), claimed that bugs in Nano’s software had enabled coins to be “double spent” without the exchange noticing:

Due to an xrb bug that caused the node to crash, the attackers forced the system to get double payments for which we have no trace of time due to another bug in xrb official explorer

Double spending is a form of fraud in which the same coins are used for multiple transactions. Cryptocurrency software typically has built-in checks to prevent this, so accusing a cryptocurrency of permitting double spending is a serious criticism of its developers.

The team behind Nano have released a statement saying that theft was not due to an issue with Nano’s protocol, and lays the blame on BitGrail’s software. The announcement went on to state that they believe that “Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time."

On Twitter, Francesco said Nano's claims are nothing but "unfounded allegations." He added that he told the police that the Nano team published their private convo, which could compromise the investigation.

It doesn't help that BitGrail recently required users to verify their accounts to be able to withdraw their coins beyond a certain amount, and some people have reportedly been waiting for verification since December.

As an independent business, BitGrail cannot request a public blockchain network to fork itself to cover its losses.

The BitGrail debacle comes as dust continues to settle on Japanese exchange Coincheck’s giant $530 million hack late last month. Although accusations of foul play have been few, questions remain about security practices as state regulators conduct an ongoing major investigation.