The obscure Italian coin exchange BitGrail looks to be the latest cryptocurrency cautionary tale. On Friday, the site posted a notice to users informing them that hackers had made off with 17 million units of Nano (XRB), the coin formerly known as RaiBlocks.
While Nano was worth as little as 20 cents in late November, prices hovered around $10 late last week, putting the BitGrail losses at $170 million. Nano currently boasts a market capitalization of $1,287,013,24, the 24th largest of any cryptocurrency according to Coinmarketcap.
“… Internal checks revealed unauthorized transactions which led to a 17 million Nano shortfall, an amount forming part of the wallet managed by Bitgrail,” the site post stated. “Today a charge about those fraudulent activities has been submitted to the competent authorities and now is under police investigation.”
BitGrail’s note indicated that all transactions will be “temporarily suspended” while the incident is investigated. The Twitter account @bomberfrancy appears to belong to Francesco Firano, the individual behind BitGrail (Reddit user /u/TheBomber9). After admitting to the hack, the account turned to attacking the Nano development team over the incident, claiming that “[BitGrail is] pressing charges against you due to your irresponsible behavior.”
According to a Medium post from the Nano team, Firano offered a controversial solution for his $170 million problem. “An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue,” the Nano dev team writes.
While BitGrail’s reported loss is considerable, the Italian exchange was quite obscure, trading a very small volume of the coin’s overall transactions. More than 80 percent of Nano trades take place on Binance, a far more established trading platform, though one not without its own controversies.
On Reddit, one user reports losing $1.4 million in the hack. “Before Kucoin was added as an exchange, I played around day trading on bitgrail to see if I could gain some more Nano,” the user writes, providing a link to their Nano wallet as proof. They explained that they had been trying to withdraw their Nano from BitGrail for a month (presumably after the price spiked in December or January) but were restricted by a 10 Bitcoin per day cap on withdrawals. They noted that over time, that limit was lowered to something closer to 1 Bitcoin per day in withdrawals and BitGrail stopped responding to their support tickets.
Small exchanges like BitGrail pose an even bigger risk than their already quite risky mainstream counterparts. Traders flock to small exchanges to pick up obscure coins before they gain mainstream exposure. Later, when those coins are added to a major exchange, their prices explode.
Unfortunately for early adopters who stick around with the tiny exchanges and don’t implement basic security like a cold storage wallet, that leaves a lot of money at risk with small companies that often don’t take cybersecurity seriously or have the resources to adequately protect their holdings. It’s also possible for obscure exchanges to claim a hack and vanish altogether, though international regulators are seeking to put more accountability in place.
The BitGrail hack is the second major cryptocurrency hack this year. In January, Japanese exchange Coincheck reported that hackers made off with $530 million in virtual cash.
Nano prices dipped as BitGrail informed users of the hack, but the coin appears to have perked up over the weekend.