Italian Court Orders Bitgrail Founder To Return Stolen Hacked Funds To Customers

Crime, News | January 29, 2019 By:

The founder of hacked Italian crypto exchange BitGrail has been ordered to repay the $170 million worth of cryptocurrency that allegedly went missing last year.

In February 2018, BitGrail reported that hackers have penetrated its security and made off with 17 million units of digital currency NANO (XRB), worth roughly $170 million. At the time, Francesco Firano, founder of BitGrail, blamed the Nano development team for their failure to secure the token. For its part, the foundation argued that a bug in the exchange’s software had led to the loss or theft of the funds and accused Firano of concealing BitGrail’s insolvency for an extended period of time.

According to documents released by the Bitgrail victims advocacy group earlier this month, the Italian Bankruptcy Court, which enlisted the services of a court-appointed technical expert, concluded that Firano was at fault for the loss and is required to return as much of the assets to his customers as possible.

“The court concluded that both Bitgrail and Mr. Firano, personally, be declared bankrupt, authorizing seizures of many of Mr. Firano’s personal assets,” the documents stated. “So far, authorities have seized over $1 million in personal assets, including Mr. Firano’s car. Millions of dollars in cryptocurrency assets have been seized from Bitgrail’s exchange accounts and moved to accounts managed by trustees appointed by the court.”

In its decision, the court said that the exchange had failed to implement any meaningful safeguards to ensure the “idempotency” of NANO withdrawals from the Bitgrail exchange. The failure of Bitgrail to implement idempotent NANO withdrawals reportedly permitted users to request a withdrawal using the BitGrail software and under certain circumstances receive the requested amount more than once.

“It was the BitGrail exchange that actually requested to the node multiple times to allow the funds to leave the wallet and not the Nano network that allowed the multiple withdrawals,” the court said. “The shortfall reported by Firano in February was caused by a transfer request generated by BitGrail multiple times upon receiving a single request from the user. These request were sent to the NANO node as seperate request. Had they been idempotent, the NANO node would have disregarded them and prevented any problem.”

The court said that Firano also deposited 230 bitcoins ($1.8M USD) onto another crypto exchange and tried to withdraw the money through a bitcoin ATM – days before he would make his public announcement about the 17 million NANO loss.