bitgrail hacked

Bitgrail Exchange Hacked and Insolvent

Bitgrail, the Italian cryptocurrency exchange, is done. The past months have been full of FUD as users constantly faced downtime and withdrawal issues. Sometimes FUD isn’t just verbal shots flung to hurt the reputation of competitors, in Bitgrail’s case, this seems to ring true. Bitgrail officially announced the theft of NANO (newly rebranded, formerly known as Raiblocks, XRB)  from their platform, also stating there is no way to reimburse 100% of funds as the exchange only holds 4 million NANO.
bitgrail hack xrb




Since all transactions are available in the public ledger, there has been a few public accounts that have been seen moving around huge amounts of Raiblocks (now NANO) in suspicious patterns. It seems many of the accounts in question have been exploiting a deposit and withdrawal bug as they’re seen continuously withdrawaling a balance from Bitgrail (in most cases to another exchange Mercatox), and depositing around the same amount back onto Bitgrail.
https://raiblocks.net/account/index.php?acc=xrb_1tf8gtopw8pdsrzsz6wzxpi6ndimsmqezetsosq5crq6r35ndmhrj9fd9nch
https://raiblocks.net/account/index.php?acc=xrb_1wyq7i6hqu1w6cz7u59mg31w5gnmiu6iobz5xwekjrqa56wsscnhrih8ofx9
https://raiblocks.net/account/index.php?acc=xrb_1fioob7u6ia76rfo1medtrwwdobey1ua8qe7z55qyjimir5b9d95hkdabbjn

It isn’t entirely clear how the exploit worked but somehow the constant withdrawals were able to be made while the Bitgrail system replenished it self with an artificial amount of coins. Perhaps the system allowed for a larger amount of withdrawals than coins owned in wallets and the owner of Bitgrail (Francesco Firano) was not able to detect how quickly the exchange’s XRB holding wallet was being drained until he did not have enough holdings to cover withdrawals. Funds for XRB withdrawals were then taken from private wallets of Bitgrail users in order to pay out, and we all know how that ends up.

Many affected by the theft are stating the exchange’s issues surrounding XRB began as early as Dec. 11th, 2017, and how Firano knew of the theft yet chose to continue to accept deposits and not disclose the hack for 2 months. User’s suspicious began to arise early this year as the exchange constantly had withdrawals down and support requests weren’t being answered. There was also the infamous post on Reddit made earlier this year where Firano threatened any one who accused Bitgrail of wrong doings to post their Bitgrail registration email, alluding an unfavorable outcome for the user. Users complained of Firano acting irrationally and holding their XRB hostage.




Sadly, the announcement of Bitgrail being compromised did not come as much surprise, especially considering the recent string of attacks on crypto currency exchanges. Francesco “TheBomber” Firano has claimed that over 17 million XRB have been stolen, a value of over $170 million USD at the time.

NANO has stated the hack has nothing to do with the NANO protocol and proper law enforcement has been contacted. The team maintains they had no idea of Bitgrail’s insolvency until Firano messaged them about it February 8th. The team have published that conversion as well as Firano suggesting to fraudulently modify the ledger in order to cover his losses, which was declined.

NANO has stated that they now believe Firano has been misleading them and the NANO community regarding the solvency of the BitGrail exchange for a significant period of time. Firano denies any fraudulent activities on his behalf and has also stated he is working with law enforcement.

It is not entirely sure what to expect in these situations. The likelihood for users affected in the hack receiving restitution in full amount or at all is very slim. It is still advisable to report the stolen amount to local authorities as well as staying in touch with the NANO community as a group class action law suit is often filed.