Italian cryptocurrency exchange BitGrail is feuding with the developers of Nano virtual tokens, with both sides pointing fingers after BitGrail issued an announcement claiming a malicious actor stole 17 million Nano coins from the exchange.
A 9 February online statement from BitGrail states that it has suspended all withdrawals and deposits, following a series of unauthorised transactions that resulted in the loss, which as of 12 February equates to roughly US$ 161.5 million (£116 million). Other cryptocurrencies traded via BitGrail were not stolen in the incident, the exchange also noted.
On the same date, the Nano Core Team went on the offensive, releasing a post on Medium claiming they found no evidence of double spending activity on the ledger, and denying that a flaw in its protocols was responsible for the incident.
Rather, the post intimates wrongdoings by BitGrail and its founder Francesco “The Bomber” Firano, stating: “We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.” Such commentary appears to hint at a possible exit scam on the part of BitGrail, whose financial viability has reportedly come into question following a series of problems experienced by its users, including a lengthy identity verification process that has prevented some people from actively trading.
Nano's post also includes a link to a private chat between the Nano team and Firano, in which Firano asked Nano to alter or “fork” the ledger in order recoup the stolen funds – a request Nano turned down. However, such a move isn't without precedent – as one tweet from the cryptocurrency community reportedly noted, Ethereum's blockchain was hard forked to return money to affected investors after the digital decentralised autonomous organisation DAO was hacked in 2016.
In that same posted conversation, Firano alleges that the theft stemmed from a Nano (aka xrb) bug that caused the node to crash, allowing attackers to force the system “to get double payments for which we have no trace of time due to another bug in xrb.” On the other hand, members of the Nano team question Firano as to why he didn't notice sooner the exchange had been leaking funds for weeks.
Firano further attacked Nano on Twitter, posting: “The #Nano team didn't seem that interested in helping and finding a clear solution or exact answer of what has happened. Almost if their attitude was that it isn't their problem and they are washing their hands.”
A second Nano blog post, published yesterday, updates the developer's own investigation, citing a suspicious account that posted more than 100 transactions -- at least some between 19-23 October, 2017. In the post, Nano says that Firano provided the details of these transactions via a SQL dump, and that the party behind these transactions was found to move hundreds of thousands of xrb coins between accounts, in some cases sending them back into BitGrail, and in other cases transferring them to fellow exchange Mercatox.
The Nano Core Team also reports that they identified a second account with a similar suspicious behaviour. However, "We are waiting for BitGrail to release all of the wallet addresses associated with the lost funds, which is necessary to potentially have other exchanges freeze stolen funds," the developers state.