Story image

Cryptocurrency exchange says it lost $195m to hackers – but is it a scam?

13 Feb 18

Have you heard of BitGrail? The Italian cryptocurrency exchange wasn’t known to many until last week.

The company claims that it was hacked late last week in an attack that saw US$195 million worth of customers’ cryptocurrency stolen. However, there is emphasis on the word ‘claims’, as there are many (including the developers of the stolen currency) who believe it’s all a scam.

BitGrail is one of many exchanges around the world that facilitates the trading of Bitcoin and other cryptocurrencies and until recently was one of the main portals for the trading of Nano – formerly known as RaiBlocks.

Dubious moves by the exchange in recent months have driven the growing scepticism surrounding BitGrail founder Francesco Firano’s announcement that 17 million Nano tokens had been stolen, amounting to roughly $195 million.

In January BitGrail put a stop to all withdrawals and deposits of Nano, Lisk and CryptoForecast tokens. This company then announced it would begin enforcing identity verification and anti-money laundering protocols for its users with the potential to block non-European users – this is despite the company not ever dealing with government currencies or banks.

And then finally, Firano seemingly asked the developers of the Nano currency to alter their records to restore the funds supposedly stolen from the exchange.

In the wake of all this drama, the price of Nano dropped 20 percent and the Nano team shared a copy of their communication with Firano publicly rejecting his bizarre request, alleging “we now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.”

Essentially, Nano’s developers believe Firano has made a hash of customer assets and is now claiming a hack as cover for his actions.

Despite all this, Firano asserts he has reported the hack to the police, which is now being investigated.

High-Tech Bridge CEO Ilia Kolochenko says it is difficult to forecast how many more similar incidents will happen in 2018, but undoubtedly a lot.

“Some people still naively believe that crypto-currencies are their chance for a wealthy life, and they blindly spend their last savings on unstable digital coins via opaque online platforms. Obviously, it’s a windfall for unscrupulous “entrepreneurs” who won’t shun the low-hanging fruit,” says Kolochenko.

“Law enforcement agencies are already busy enough with major data breaches of large retailers and banks, and simply cannot allocate sufficient resources to prevent, investigate and prosecute fraud in the grey area of unregulated crypto-currencies.”

However, Kolochenko says he will not point the finger at anyone prior to a rigorous technical investigation.

“Many blockchain startups simply neglect and carelessly disregard the fundamentals of cybersecurity,” says Kolochenko.

“Their negligence cannot help to attract cyber gangs who can steal their crown jewels with almost absolute impunity. Money laundering with digital coins is also pretty simple. I think, 2018 will mark more notorious cases of similar incidents.”

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.