Some really shoddy coding may have been involved in this one.
Image: TEK IMAGE/SCIENCE PHOTO LIBRARY/Gettyimages
Another day, another high-profile cryptocurrency hack — though in this case, the details are even murkier than usual.
Italian cryptocurrency exchange BitGrail announced last Thursday that it’s missing 17 million Nano, a cryptocurrency worth $11.90 at the time the announcement was made. This means the total value of missing coins was around $202.3 million.
(The price of Nano has since dropped significantly; the coin is currently trading at about $10.15 according to CoinMarketCap).
In a notice on its website, BitGrail mentions “unauthorized transactions,” and says it has notified the authorities of the apparent hack. It also halted all withdrawals and deposits from the site.
On the surface, this seems to be just another cryptocurrency theft, the likes of which we’ve seen plenty of in recent years. Just last month, Japanese cryptocurrency exchange Coincheck said hackers had stolen $424 million worth of NEM coins from its reserves.
The BitGrail hack is a bit more complicated. One day after the company’s announcement, the team behind Nano posted an announcement of its own, in which they claim that Francesco “The Bomber” Firano has contacted them and asked them to modify Nano’s ledger in order to cover the losses. But the Nano team claims there has been no technical issues with Nano’s underlying ledger. “The problems appear to be related to BitGrail’s software,” the announcement said.
Furthermore, the Nano team said that there’s “reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”
Some reports on Twitter from BitGrail users confirm that something suspicious may have been going on on BitGrail for a while. According to some users, the exchange made it progressively harder for users to withdraw coins from the exchange, starting in December of last year.
many people reported withdraws pending for more than 20 days. It appeared to be random, since I was able to withdraw different times in the same day. Sometimes it says my limit was reached, sometimes not. But the largest transaction got stuck forever.
— Camila Gomes (@Camilinha_ag) February 12, 2018
Firano fired back on Twitter, calling these accusations “unfounded,” and said the BitGrail team will be pressing charges against the Nano team due to “irresponsible behavior.”
Regardless of the outcome, it’s probably little comfort to people who’ve lost their funds. Shortly after its own hack, the Coincheck exchange announced it would restore all the stolen funds out of its own pocket; there has been no such announcement from BitGrail at this point.