Story image

Cryptocurrency exchange says it lost $195m to hackers – but is it a scam?

13 Feb 18

Have you heard of BitGrail? The Italian cryptocurrency exchange wasn’t known to many until last week.

The company claims that it was hacked late last week in an attack that saw US$195 million worth of customers’ cryptocurrency stolen. However, there is emphasis on the word ‘claims’, as there are many (including the developers of the stolen currency) who believe it’s all a scam.

BitGrail is one of many exchanges around the world that facilitates the trading of Bitcoin and other cryptocurrencies and until recently was one of the main portals for the trading of Nano – formerly known as RaiBlocks.

Dubious moves by the exchange in recent months have driven the growing scepticism surrounding BitGrail founder Francesco Firano’s announcement that 17 million Nano tokens had been stolen, amounting to roughly $195 million.

In January BitGrail put a stop to all withdrawals and deposits of Nano, Lisk and CryptoForecast tokens. This company then announced it would begin enforcing identity verification and anti-money laundering protocols for its users with the potential to block non-European users – this is despite the company not ever dealing with government currencies or banks.

And then finally, Firano seemingly asked the developers of the Nano currency to alter their records to restore the funds supposedly stolen from the exchange.

In the wake of all this drama, the price of Nano dropped 20 percent and the Nano team shared a copy of their communication with Firano publicly rejecting his bizarre request, alleging “we now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

Essentially, Nano’s developers believe Firano has made a hash of customer assets and is now claiming a hack as cover for his actions.

Despite all this, Firano asserts he has reported the hack to the police, which is now being investigated.

High-Tech Bridge CEO Ilia Kolochenko says it is difficult to forecast how many more similar incidents will happen in 2018, but undoubtedly a lot.

“Some people still naively believe that crypto-currencies are their chance for a wealthy life, and they blindly spend their last savings on unstable digital coins via opaque online platforms. Obviously, it’s a windfall for unscrupulous “entrepreneurs” who won’t shun the low-hanging fruit,” says Kolochenko.

“Law enforcement agencies are already busy enough with major data breaches of large retailers and banks, and simply cannot allocate sufficient resources to prevent, investigate and prosecute fraud in the grey area of unregulated crypto-currencies.”

However, Kolochenko says he will not point the finger at anyone prior to a rigorous technical investigation.

“Many blockchain startups simply neglect and carelessly disregard the fundamentals of cybersecurity,” says Kolochenko.

“Their negligence cannot help to attract cyber gangs who can steal their crown jewels with almost absolute impunity. Money laundering with digital coins is also pretty simple. I think, 2018 will mark more notorious cases of similar incidents.”

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Verifi takes spot in Deloitte Asia Pacific Fast 500
"An increasing amount of companies captured by New Zealand’s Anti-Money laundering legislation are realising that an electronic identity verification solution can streamline their customer onboarding."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.