$170 000 000 USD





“An obscure Italian cryptocurrency exchange called BitGrail claims that it was hacked late last week and lost roughly $195 million worth of customers’ cryptocurrency.” "Just last Thursday, the core team was contacted by Firano in regard to a loss from the BitGrail wallet. According to a leaked conversation, 15 million Nano was reported ‘stolen’ by Firano, and a request was made to fork the chain. However, Nano developer Zack Shapiro pointed out the fact that the situation had been going on for months. It seems as though Firano was dealing with undisclosed issues of insolvency rather than an apparent hack." “The court notes that in July 2017, 2.5 million Nano were stolen from the exchange, and that Firano has been aware of it and announced that the involved exchange accounts have been blacklisted on Twitter in the same month. According to the ruling, in October of the same year — three months later — another 7.5 million Nano was stolen.” “it was the BitGrail exchange that [because of a software flaw] actually requested to the node multiple times to allow the funds to leave the wallet” and “not the Nano network that allowed the multiple withdrawals.


Furthermore, the exchange also reportedly stored all of its Nano cryptocurrency holdings in a “hot wallet,” which compromised its security.” “BitGrail was offline at the time. He claimed to be torn between claiming bankruptcy (which would absolve himself of the responsibility to pay the money back), or returning 20 percent of the lost funds immediately with a pledge to eventually give back the rest.” “The Italian Bankruptcy Court published the sentence on Jan. 21. A post by the BGVG published the same day as the court sentence explains that “the court concluded that both Bitgrail and Mr. Firano, personally, be declared bankrupt, authorizing seizures of many of Mr. Firano’s personal assets.”


"The man who ran Italian-based cryptocurrency exchange BitGrail was arrested for allegedly defrauding more than 230,000 people of €120 million ($146 million) collectively. In what was deemed "the biggest cyber-financial attack in Italy and one of the biggest in the world," the BitGrail boss faced charges of computer fraud, fraudulent bankruptcy, and money laundering."


"In 2018, the same man alerted police of a Nano Coin hack, communicating the loss of "a huge sum." Ivano Gabrielli, who is the head of the National Centre for Cyber Crimes in Italy, said that when their team started investigating, it became clear that the man was actually the head of BitGrail “[and] it…[was]...not yet clear whether he participated actively in the theft or if he simply decided not to increase security measures after discovering it.” The police further allege that the man, a 34-year-old known as "F.F.," interfered to prevent them from halting the continuing theft."

BitGrail stored vast sums of NANO in the form of hot wallets and contained an exploit which allowed traders to withdraw their NANO twice, allowing users to withdraw more than they held on the exchange. After hackers repeatedly exploited this glitch in the withdrawal mechanism to steal 2.5m NANO from massive hot wallets on the site, Mr. Firano, who managed BitGrail largely by himself, did not choose to address the issue. He did not even choose to announce the issue or the loss. His sole action was to ban the offending users. Unsurprisingly, abuse of the exploit continued for months, including a future loss of over 7.5m more NANO. Months later, with the price of NANO significantly higher, Mr. Firano attempted to resolve the matter by asking the NANO team to create a hard fork (of months and months of transactions which had been being stolen continuously). When that didn’t work, he made a plan to relaunch the exchange and use ongoing profits to repay victims, however his plan failed to include any sort of security upgrades, change of leadership, or addition of new talent to address the extreme lack of competence. Mr. Firano posted a vague poll to the general public via Twitter, in which 80% of respondents requested he go into bankruptcy as opposed to relaunching. He then ignored both this poll and a court order, restarting the exchange for all of a few hours. The end result was that both he and the exchange were declared bankrupt, and assets of the exchange were seized. The BitGrail website is full of information on the ongoing bankruptcy proceedings which continue to this day.

Infographic: An Overview of Compromised Bitcoin Exchange Events (Jan 30)
100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25)
From Coincheck to Bithumb: 2018’s Largest Security Breaches So Far (Feb 23)
BitGrail Cryptocurrency Exchange Claims $195 Million Lost to Hackers (Feb 25)
Owner of Hacked Crypto Exchange BitGrail Sentenced to Return Funds to Customers (Feb 25)
Italian court forces BitGrail CEO to repay $170M in ‘lost’ cryptocurrency (Feb 25)
Italian Court Orders Bitgrail Founder Firano $170 Million of Missing Cryptocurrency (Feb 26)
The Nano-Bitgrail saga is now over, and it's changed cryptocurrency | finder.com.au (Feb 26)
BitGrail - CryptoMarketsWiki (Feb 26)
Dropbox - Colin_ZS_Bitgrail_chat_log.pdf - Simplify your life (Feb 26)
Italian cryptocurrency exchange gets hacked for $170 million in Nano – TechCrunch (Feb 26)
Francesco The Bomber on Twitter: "Cosa preferireste che facesse BitGrail?" (Feb 26)
Cryptocurrency exchange BitGrail contemplates exit scheme on Twitter (Feb 26)
Lessons Learned from the Biggest Crypto Hacks in History (Feb 26)
The Biggest Cryptocurrency Hacks of 2018 (A Year in Which $1 Billion Crypto Was Stolen) (Feb 26)
A Look Back on Some of the Most Devastating Crypto Hacks | Fintech Singapore (Feb 27)
Crypto Exchange Hacks in Review: Proactive Steps and Expert Advice (Mar 2)
Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5)
CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 20)
SlowMist Hacked - SlowMist Zone (Jun 26)
https://medium.com/@cryptonewsbulls/is-mercatox-involved-in-195-million-dollar-bitgrail-heist-d14cc95165c (Jun 8)
"Either you die a programmer, or live long enough to become a scammer" - Owner of Bitgrail : CryptoCurrency (Oct 17)
Timeline of Cyber Incidents Involving Financial Institutions - Carnegie Endowment for International Peace (Dec 12)

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.