Around $170M worth of cryptocurrency was allegedly stolen from an obscure Italian crypto exchange called BitGrail in 2018; it’s still unclear exactly how or by whom.

Just weeks after Japanese crypto exchange Coincheck was hacked – an event dubbed “the biggest theft in the history of the world” at the time – the Italian crypto exchange BitGrail announced they were unable to account for millions of Nano (XNO), valued around $170M. Similar to the Coincheck hack, this incident involved BitGrail’s hot wallet allegedly being compromised.

However, that’s where the similarities end. Coincheck was praised for taking full responsibility and returning 90% of stolen funds to affected users from their own capital just months after the attack, whereas it was nearly a year before the owner of BitGrail was ordered by Italian courts to face insolvency and attempt to repay what was lost by users of his exchange.

The lesson we all learned was to do our due diligence when deciding on a crypto exchange to use.

The BitGrail Hack Timeline

February 08, 2018:

BitGrail announces XRB markets are down (XRB is the former ticket of the NANO cryptocurrency, now XNO). No further information is provided.

BitGrail Hack Twitter

 

Source: https://twitter.com/BitGrail/status/961643213936300032?s=20&t=-l1G0Cv_bBWy7xzyhk-KnA

We will later learn that BitGrail was already aware of an issue with its XNO holdings by the time of this announcement, as the Nano team would reveal.

February 09, 2018:

A Twitter user going by Francesco The Bomber (allegedly the owner and operator of the BitGrail exchange) announces that an unspecified amount of NANO had been stolen from the exchange’s wallet.

BitGrail Hack Twitter

 

Source: https://twitter.com/bomberfrancy/status/962105349351276544?s=20&t=ioqLuNLL2ZorZei209O3Qw

As you can see from the messages above, communication by the BitGrail exchange was less than fully clear or transparent.

The final line in the tweet, “The devs, as you have guessed, don’t want to collaborate”, refers to the developers of the NANO blockchain, who he had requested to perform a hard fork of the NANO blockchain in order to roll back the transactions that involved the stolen digital assets.

The same day, Nano released a statement addressing the issue, in which they explained the situation from their perspective. They claim Francesco The Bomber had contacted them the day before to inform them about the theft, and to request a hard fork on the Nano blockchain to potentially recover the funds, which was “not possible, nor is it a direction [Nano] would ever pursue.”

The Nano statement went on to explain “BitGrail is an independent business and Nano is not responsible for the way [Francesco The Bomber] or BitGrail conduct their business. We have no visibility into the BitGrail organization, nor do we have control over how they operate,” and it included an accusation that the BitGrail exchange owner had been “misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

The BitGrail exchange owner responded in a tweet later that day.

BitGrail Hack Twitter

 

Source: https://twitter.com/bomberfrancy/status/962153793671565312?s=20&t=ioqLuNLL2ZorZei209O3Qw

February 12, 2018:

According to TechCrunch, BitGrail releases a (now deleted) official statement which includes the message “internal checks revealed unauthorized transactions which led to a 17 million Nano shortfall, an amount forming part of the wallet managed by Bitgrail.”

With XNO valued around $10 at the time, this made the total value of the BitGrail hack $170M.

This is where the trail goes cold, as future updates by BitGrail and its owner contain limited information about what actually took place. There were many unfounded accusations about Francesco The Bomber’s own involvement in the alleged attack, all of which he denied.

May 02, 2018:

BitGrail announces they’re re-opening their exchange.

BitGrail Hack Twitter

 

Source: https://twitter.com/BitGrail/status/991618648656826368?s=20&t=KSGQdl6FfLGYvgij346IYg

According to some responses to the tweet above, the exchange saw 0 trades within the first several hours of re-opening.

Just over 4 hours after the exchange opened back up, it closed down just as fast.

BitGrail Hack Twitter

 

Source: https://twitter.com/BitGrail/status/991666798583001089?s=20&t=KSGQdl6FfLGYvgij346IYg

It was never opened again.

Conclusion to the BitGrail Hack

January 21, 2019:

Nearly a year after the BitGrail hack was brought to light, the exchange owner, Francesco The Bomber, was ordered by Italian courts to return as many stolen digital assets to customers as possible. At the time of the post, Italian authorities had seized over $1M worth of Fancesco’s personal assets, including his car, and “millions of dollars in cryptocurrency assets have been seized from Bitgrail’s exchange accounts and moved to accounts managed by trustees appointed by the Court.” Both Francesco and his company were forced to declare bankruptcy.

It still remains unclear exactly what happened to the missing 17 million XNO, though court documents reveal BitGrail claimed the crypto was lost thanks to issues with the Nano nodes not verifying transactions properly, which the Nano team denied. It’s also unclear how much was eventually returned to creditors who lost money due to the incident.

One lesson rings clear: pick your crypto exchanges carefully and if you’re not actively trading your digital assets, move them to cold storage.

Avatar of Marin Ivezic
Marin Ivezic
 | Website

For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.

He held multiple interim CISO and technology leadership roles in Global 2000 companies.