Was the BitGrail hack a mishap or a preplanned exit scam? How to prevent your assets from such crypto hacks and scams? Read more to find out!
BitGrail emerged as a small Italian exchange trading in lesser-known cryptocurrencies. It attracted traders to invest in obscure coins to make profits later when they appear on larger platforms. Investors are repeatedly asked to undertake thorough research before investing money so that they avoid crypto scams
. This is especially true for smaller exchanges that are concealed from regulation and can be hacked easily. Partly because of scarce capital, these companies are often unable to maintain an optimal level of cyber security. It isn’t uncommon for newly sprouted exchanges to vanish in thin air right after one of the traded currencies takes off on the mainstream market. BitGrail hack is a tale of a lack of investor education and the risks of using ambiguous platforms.
Bitcoin and Nano (previously known as RaiBlocks) were the major cryptocurrencies BitGrial dealt with. Nano (XRB) happened to be a relatively new currency and was being heavily traded on the Italian platform. However, the share traded on the exchange was still too small compared to the 80% of the volume being traded on Binance. Nonetheless, novice traders flocked to BitGrail and stayed loyal to it.
The timing of the hack coincided perfectly with the exploding price of the XRB, reaching $33 from a few cents. The founder of the company, Francesco Firano, halted all operations on the platform and issued a statement that revealed that the company’s Nano wallets had been attacked, leading to a loss of at least 17 million coins. The estimated loss stood at $170 million. Many investors took to Reddit to express their frustration following the hack and a user even claimed to have lost $1.4 million.
Reports started pouring in about how the attack was imminent and was already set into motion many months ago as proven by transactional problems faced by the users. Many commented that the withdrawal limit had drastically been reduced over the past few weeks, limiting transactions. The cap that had been previously set at 10 BTC withdrawals a day got reduced to only 1 BTC daily a few days before the hack.
Another troublesome event preceding the hack was the ban placed on non-European users.
Identity confirmation was made mandatory for all transactional activity and vigorous AML
protocols were enforced. All of these measures pointed at nefarious activities that ultimately led to what is known as an exit scam
. Being already true for smaller exchanges, many users speculated that their investment is at risk.
Following the losses, Firano tweeted about the temporary suspension of all trading activities on the platform and resorted to questioning the developers of the stolen cryptocurrency to “return” the coins to their rightful owners.
The attack on the developers was illogical and Firano’s stance was further weakened by his requests to manipulate the ledger to cover up the losses. He also accused Nano of the double spend attack
. When BitGrail was not granted the face-saving it was expecting, the founder tweeted the exact sum of losses blaming the developers for their lack of cooperation. Nano explained itself in a statement:
“From our own preliminary investigation, no double spending was detected on the ledger and we have no reason to believe the loss was due to an issue in the Nano protocol. The problems appear to be related to BitGrail’s software. We had no knowledge of BitGrail’s insolvency prior to February 8th. In our conversation yesterday (which you can find attached here, this link has been edited to redact a private email.), Firano informed us of missing funds from BitGrail’s wallet. An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue.”
The Medium post by the developers was satisfactory and the traders started to put things into perspective. The timeline of all the changes the exchange had introduced over time made sense and predicted the scam months before it happened. Despite all the evidence against him, Firano didn’t yield. He hit back at the Nano team:
“We will say that the devs refuse to cooperate despite the proposed solutions. We are going to report the incident to the police, first and then we will explain what happened. Millions of dollars of your supporters depend on your decision. I hope you have understood this before making the decision not to cooperate.”
The hack took place in February 2018, just a month after the Coincheck hack
The arguments made by the Nano developers and Firano’s repeated requests to fork just made the whole situation clear.
There indeed was a hiccup in the last upgrade made to BitGrail that was actively being fixed by the developers, but all the preceding events pointed to an exit scam. Investigations later revealed that the majority of the coins were stolen from the platform’s cold wallets
while the hot wallets
remained functional and safe. This indicated that an inside job was probably executed by the platform itself.
BitGrail wasn’t one of the bigger crypto exchanges so it wasn’t on the radar of regulatory authorities.
According to the police, it is difficult to determine if the founder of the platform was directly involved in the cryptocurrency scam
or failed to enhance security following problematic instances. Currently, Firano is facing multiple charges of fraud including money laundering.
As of yet, none of the lost funds have been recovered and the case is still being investigated.
The value of Nano plunged following the scam and it alerted the community about how small exchanges are more likely to engage in malpractice.
Enhanced regulation of even the less notable exchanges that are favored by novice investors and obscure currencies should be implemented. Investor research and education are pivotal in maintaining the security of blockchain systems. Hackers aren’t the only threat in crypto. Scams and bogus exchanges are equally prevalent and the trader should be on the lookout for those too.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap. CoinMarketCap is not responsible for the success or authenticity of any project, we aim to act as a neutral informational resource for end-users.