Nano AKA Raiblocks XRB and Bitgrail Scam $150M Lost!

by · Published · Updated

A good friend of mine asked me about Nano and I honestly haven’t paid much attention to it.  I didn’t even know what it was until I realize it was recently rebranded from Raiblocks (XRB).  That alone set off alarm bells, aside from it being confusing I suspected there must be more of a reason.

The technical side is impressive although I haven’t used it, they have this block-lattice technology which doesn’t use traditional PoW mining.  It confirms transactions individually between two wallets instead of the entire blockchain.  This is a huge plus but the weakness is that they only seem to focus on transaction speed.  The algorithm described that seems to automatically allow successive transactions to be confirmed sounds dangerous.  I may be missing something from the implementation but it sounds like a potentially vulnerability that an attacker could use after doing a transaction with you.  In addition they still use a public ledger so essentially they are solving the transaction speed alone but they may also have introduced a huge attack vector and vulnerability.

They do have some interesting features such as instant transactions and being infinitely scalable.  But I take issue with any team claiming anything is infinite.  To infinitely scale there would have to be infinite computing resources available which there are not.  It could just be marketing but this stuff does catch my attention.  Combined with the timing of their rebrand and a lot of insider trading and selling I am very skeptical of this team.  At the very least, hiding from the Bitgrail fraud by renaming just before the news broke doesn’t seem honest at all.

I think we have it here straight from their own blog.  I believe the Raiblocks team knew of a massive fraud about to go down with Bitgrail well before they let on or claim to have known something was wrong.  I am not saying they were involved but the timing of their re-branding is extremely suspicious.

This is because on January 31st they suddenly announce the rebrand to Nano.

Raiblocks-Rebrands

Then just 8 days later the Bitgrail $150M loss of XRB happened.  As you will see from the Raiblocks own timeline it appears they were possibly aware for weeks or months that something was going down.

Raiblocks-Rebrands1

The Raiblocks own timeline seems to imply they were aware of issues for weeks if not months before.   It does not mean they were directly involved but it gives the appearance that for publicity and to shrug off this massive fraud associated with their project they rebranded just before things hit the fan.

Raiblocks-XRB-ScamOn 10/19 – 2017 it is not clear if Raiblocks knew about the suspicious transaction but they definitely did in February.  Being under maintenance for no good reason to withdraw is always cause for concern on January 8th.  I am sure when the Bitgrail owner left the joint Telegram channel for Raiblocks they knew something was very amiss on 2018-01-25 (6 days before the rename and about 2 weeks before the public announcement of fraud).  I find this timing to be highly suspicious, it reminds of the Bitcoin Gold scam and I have no confidence in this team or currency because of that alone.

Bitgrail in March 2018 has gone on to make a statement claiming they are reopening and that they insist there is a flaw in Raiblocks that caused the theft.  Of course both sides may have motivation to blame the other.  In all fairness at least Bitgrail has pledged to offer some ERC20 tokens they are creating and that users will have access to all of their coins upon reopening (aside from the lost XRB of course).

Cash Fund dedicated to the victims of the NANO theft In view of the forthcoming reopening of Bitgrail.com (we will soon announce the exact date), BitGrail srl intends to inform its users of the details of the soon to be established cash fund dedicated to NANO owners, victims of the theft that was communicated on February 9 2018. Prior to that, a premise concerning the suffered theft and Bitgrail's obligations arising from the theft itself. BitGrail S.r.l intends to stress having been subject to theft, a crime made possible by taking advantage of faults in the team NANO's softwares (rai_node and the official block explorer) and therefore, for these reasons and in accordance with the law, it is not in any way responsible for the situation. We confirm that an investigation led by the legal authorities is underway The purpose of the investigation is to shed light on the theft, therefore we have already provided all the useful elements in order to reconstruct the facts, including the evidence concerning those involved in the fraudolent activity, who took advantage of the vulnerability of NANO's software, thus not Bitgrail's. Those grounds are alone sufficient to relieve BitGrail S.r.l of any refund obligation and/or repayment of the stolen amounts. However, as further demonstration of the good intentions and seriousness of the company, in order to meet its users half-way though without recognition of any liability, BitGrail S.r.l intends, on a voluntary basis, to establish a cash fund (by creating a token) dedicated to the users damaged by the theft. Doing so, they'll be enabled to recover their stolen funds over time. We must specify that, since they are not victim of the theft, users that didn't own NANO will have full access to their coins at the site reopening. (all the coins are safe, apart from XRB). Token BGS (BitGrail Shares) A new token (BGS, BitGrail Shares) is already present on the wallet page. 15.6 MLN of them have been distributed in a 1 to 1 ratio with the stolen NANO. The users who have been damaged by the theft (Meaning solely and exclusively all the NANO owners on Bitgrail) can already see their 20% updated XRB balance and, at the same time, the remaining part (80%) converted into BGS. Access and ownership to/of the BitGrail's token is granted only to users who will accept the settlement agreement, as stated in the next point. The new BitGrail Shares token will have its own market on Bitgrail's platform. It will be possibile to trade the token, but not deposit it or withdraw it. It is not excluded that the abovementioned token could be converted into an apposite cryptocurrency, thus enabling withdrawal and deposit. The first of the month BitGail will use the 50% of the previous month trading fees income in order to reacquire the BGS token, proportionally among the users who have them in their Balance. The tokens' buyback will occurr at the fixed price of 10.5 $ per unit (in Bitcoin), considering an average of BTC/USD pair among various exchanges ( Bitfinex, Binance, Bitstamp...) As said, it will be possible to trade BGS on the platform. Users who own said token will be able to buy and/or sell at a different pricing from the one required for the buyback. Doing so, users will have the chance of liquidating their BGS in advance, whenever there is an adequate market situation with the desired price. Any amount that can, in case, be recovered from those who have perpetrated the unauthorised withdrawals (therefore materially in the availabilty of BitGrail S.r.l) will be immediately destinated to the tokens' owners up to the extent of the pro rata sums subracted from the damaged users. (with value of 10.5$) Agreement with the users With the reopening of the site, the use of the platform for the victims of the theft will be bound by the signature of a settlement agreement. The latter will be characterised by an expressed renouncement from the users to every type of legal action, and will have to be formalized through the compilation of a form. The last will have to be printed, signed and uplodaded with the attached documents. Such renouncement will allow the availability of the BGS tokens above described. In denegata hypothesis, subjects who won't accept the settlement agreement will have no alternative except for the account termination in compliance with the TOSs. Extra UE users As already anticipated in the past, BitGrail won't be able to guarantee the trading to the extra UE users for a limited period of time. Our intention is to reopen the access to the whole world as soon as possible. Extra UE users will be able to deposit and withdraw. The BGS token buypack will also be available. Implementations of the platform With the purpose of guaranteeing a faster execution of the plan concerning the purchase of the tokens owned by the victims of the theft who have accepted the agreement, BitGrail S.r.l. will immediately work on the implementation of the site, focusing on: Markets/pair increasing by adding other criptocurrencies Interface and charts improvements an APP for smartphone / tablet the realization of a referral link system A voting system based on the BGS tokens for the list of new emergent criptocurrencies will be implemented. Thanks for the attention. Bitgrail S.r.l.

It’s hard to know for sure what has gone on in this case.  But this week XVG (Verge Coin) was hacked due to a flaw in how coins are mined, and something similar with Cryptonight for Monero and Bytecoin was also disclosed recently.    Who is to say that the Coincheck NEM issue also wasn’t due to a similar but unknown or undisclosed flaw?

Tags:

Areeb Soo Yasir

Business and technology have always gone hand in hand for me, and now I've built nearly 20 years of expertise. A few notable achievements: -> Tier III-Designed & deployed multiple mission critical datacenter environments in Canada, US, Hong Kong, Singapore & China. -> Software Engineering: Created a Linux OS from scratch, including a custom kernel to maintain millions of dollars in client infrastructure, deploy and report as needed. Created the “Windows Geeks” and “Password Pros” Windows Password Reset software recommended by Microsoft. -> Business Negotiations: Conducted intensive negotiations with branches of the Peoples Republic of China and the various state-run Telecom operations including China Telecom and China Unicom for access to their trillion dollar backbone infrastructure. We were the first western company to have such network access where other IT companies such as Vodafone and Google failed. -> Cloud Infrastructure Creation: Created the first proprietary “Clustered Cloud Architecture” that rivals competing Google, IBM, Microsoft & Alibaba alternatives. I'd love to chat #IT or #Linux or even #Business, so don't hesitate to connect. Cheers!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *