What caused the $170 million BitGrail Nano incident?
The most likely explanation seems to be carelessness on BitGrail's end, rather than theft or flaws in Nano.
BitGrail was one of the most widely used Nano XRB (formerly known as RaiBlocks) exchanges, responsible for much of the coin's global volume. But news abruptly broke on 10 February that 17 million XRB, 10% of the total supply worth about US$170 million at the time, had gone missing.
A few hours later it emerged that the loss had actually happened in November and December but had been covered up, or possibly gone entirely unnoticed, until now.
Users started speculating that the recent and equally sudden BitGrail freeze may have been related. The reasoning is that BitGrail management may have known it didn't have enough XRB for everyone to withdraw, and imposed restrictions to buy some time. The nature of the restrictions – a sharply restricted withdrawal limit and an unusual requirement that some customers withdraw BTC only instead of XRB – suggest that this might be the case.
Nano prices quickly plummeted after news of the theft and are still down around 30% at the time of writing, largely due to an initial fear that millions of stolen XRB would soon be flooding the market at discount prices. But a few hours later it became apparent that the missing coins had probably been sold off and recirculated weeks ago.
BitGrail has since announced its insolvency.
More significantly, it was speculated that an inherent vulnerability in Nano had resulted in the theft, or otherwise resulted in the loss of the coins. This theory was supported by:
- BitGrail management pointing the finger at Nano, and saying it was a double spend problem with the software. The Kucoin exchange also said that it had experienced similar problems with Nano.
- The loss seeming to only affect XRB. If it was a hacking theft rather than a technical problem one would expect coins other than XRB to have been stolen as well.
But further information suggests that neither of these is correct.
Firstly, released chat logs suggest that BitGrail management had known about the incident for a while, and promised to blame Nano for the problem if the Nano developers didn't modify the coin's ledger to cover BitGrail's losses.
"We have no reason to believe the loss was due to an issue in the Nano protocol. The problems appear to be related to BitGrail’s software," wrote Nano developers in their official statement on the incident. "[BitGrail owner] Firano informed us of missing funds from BitGrail’s wallet. An option suggested by Firano was to modify the ledger in order to cover his losses — which is not possible, nor is it a direction we would ever pursue... We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time."
And more recently, the creator of Nanex has weighed in with a theory about exactly what happened.
What (probably) happened?
According to a post by the Nanex creator, it was basically a $170 million failure to read the user manual. Kucoin had the same problem because it made the same mistake, but it also caught it quickly and reimbursed affected users. But BitGrail may have let it get out of hand.
The issue relates to Nano's unconventional architecture. It essentially offers a separate blockchain for each account, leading to fast and free transactions and almost infinite network scaling, but at the cost of unusual complexities and trickier integrating into other systems.
One of the most difficult factors is that each individual Nano wallet can only run about 6 transactions per second at most on its own blockchain. This is way more than enough for any individual, but not for an exchange.
To solve this, an exchange needs to run multiple Nano accounts on multiple nodes (blockchain connections). This introduces a new problem; making sure all the data is sychronised. It doesn't matter so much with a personal account where you're only sending and receiving your own funds from your own address, but it's a critical issue for automated exchanges. If a transaction gets out of synch and isn't fixed, the problem can snowball.
"With coins like Bitcoin everyone's data is updated at the same time in 'blocks', whereas on XRB every account has its own chain that can update independently from everyone else. For something like an exchange, having data that isn't strongly consistent is a big no no," writes the Nanex creator.
"As such, you have to have a consensus model. You need to wait until all of your nodes have the exact same set of data on an account before you can reliably transmit further data out. You could just firehose it and hope for the best, but that's shown to be a bad idea. This is not BitGrail's fault, but that's what they were running into at one point - a node would think it broadcasted a block but the broadcast failed. As such, every block after that was invalid and their entire withdrawal system would fail until they fixed it manually. You would see 'invalid block' in the explorer. This bug has since been fixed... All in all, it requires a lot more work on the software side to ensure scalability but also data integrity."
BitGrail basically just tossed it onto the exchange like a more generic crypotcurrency and experienced expensive technical problems as a result. This complexity is one of Nano's main downsides, but it's a solvable issue. But only when it's actually solved.
Unfortunately the forensics don't do much to help the now-defunct BitGrail or the users whose funds were lost. Other popular Nano exchanges, including Binance and Kucoin, have announced their intention to help recover the XRB where possible, but the vast majority of the erroneously transmitted money has now probably been lost in circulation.
Depending on how you see the coin, this situation is either evidence of Nano's untenable complexity, or might be a good time to buy at discounted prices.
Disclosure: At the time of writing the author holds ETH, IOTA, ICX, VEN, XLM, XRB, SALT