Bad Code Has Lost $500 Million of Cryptocurrency in Under a Year

Bad Code Has Lost $500 Million of Cryptocurrency in Under a Year

Cryptocurrency can be lost in a variety of ways, from hacking to forgotten passwords and failed flash drives. But in dollar terms, one of the biggest causes of crypto losses is bad code, and it’s not usually the fault of the coin’s developers. Instead, third parties, including shoddy smart contract developers and shady exchanges, are to blame for losses that have reached half a billion dollars in the last seven months.

Also read: Cryptocurrency Exchange Bitgrail Suspends Operations After ‘Losing’ $170 Million of Nano

Bitgrail Gets Railed for Dodgy Code

Last week, news.Bitcoin.com reported on the demise of Bitgrail, which contrived to lose $170 million of nano cryptocurrency. While the precise sequence of events that caused the catastrophic collapse of the exchange with the assets of thousands of customers is still being confirmed, poor code is being blamed. As reported at the time:

There are rumors that Bitgrail became insolvent following a withdrawal bug that was discovered by some users and then shared in Discord and other chat groups, causing the wallet balance to gradually diminish. One user explained: “There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

Bad Code Has Lost $500 Million of Cryptocurrency in Under a Year

In the aftermath of the incident, this theory has been bolstered by allegations that a bug was indeed responsible, and not in nano’s code, but in Bitgrail’s. One source asserted: “There was a bug, on the withdraw page. But this check was only on java-script client side, you find the js which is sending the request, then you inspect element – console, and run the java-script manually, to send a request for withdrawal of a higher amount than in your balance. Bitgrail delivered this withdrawal. How many people did this? Who knows.”

There was another bug, you could request a withdrawal to your address – from another user-id, from another user-account. That would cause the other users balance to have “missing funds” or “negative balance”. Bitgrail bomber solved this bug by manually entering the “correct” numbers in his database. This is what you get for using a PHP website coded by same skill-level as CfB of IDIOTA.

Even the Best Cryptocurrencies Aren’t Immune to Poor Code

The cryptocurrency most commonly associated with catastrophic bugs is ethereum. That’s not due to its underlying code, but on account of the smart contracts that can be built on top of the ethereum framework. First there was the DAO, which led to ethereum being forked right out the gate, and then there was the Parity bug that caused 150,000 ETH to be stolen, followed by the other Parity bug that caused $168 million of ETH to be locked up.

In the past couple of weeks, ethereum bugs have surfaced once more, albeit on a smaller scale. Proof of Weak Hands (PoWH) was a joke scamcoin which turned into an actual scamcoin after a bug led to the loss of 900 ether worth $1 million that had been sent to the contract address. The developer then disappeared after receiving death threats from investors aggrieved to discover that the joke Ponzi they were buying into was even less legitimate than it had seemed.

Bad Code Has Lost $500 Million of Cryptocurrency in Under a Year
After a smart contract bug led to the loss of 900 ETH, the PoWH website looked like this in the days afterwards

PoWH has since spawned a new scamcoin called ethpyramid which is for “strong hands only”. To the question “Is Ethpyramid secure?” the site responds “Yes. Our dev team put a lot of time into refining and testing this contract to make sure your tokens are safe. Internal functions of the contract are not accessible to the end user.” There’s also PoWH420, “the world’s dank autonomous and self-sustaining 420 pyramid scheme”.

Bad Code Has Lost $500 Million of Cryptocurrency in Under a Year
PoWH 420

Even if joke coins and their joke developers are taken out of the equation, it’s evident that cryptocurrencies are only as strong as their weakest link. While altcoins such as ethereum and nano have undoubted potential, like every other crypto they’re hostage to bugs lurking in wallets, smart contracts, and exchanges. One bad line of code is all it takes.

Do you think Bitgrail was brought down by a withdrawal bug or is there more to this story? Let us know in the comments section below.


Images courtesy of Shutterstock, and PoWH420. Katie Webster assisted with this article. 


Need to calculate your bitcoin holdings? Check our tools section.

The post Bad Code Has Lost $500 Million of Cryptocurrency in Under a Year appeared first on Bitcoin News.

Cryptocurrency Exchange Bitgrail Suspends Operations After ‘Losing’ $170 Million of Nano

Cryptocurrency Exchange Bitgrail Closes After ‘Losing’ $170 Million of Nano

Bitgrail, an exchange whose primary purpose was to facilitate the trading of nano, has folded after ‘losing’ 17 million XRB, valued at around $170 million. The Italian exchange had been offline for weeks, and its customers feared the worst. Today, its operator “Francesco The Bomber” confirmed the bad news, which gained short shrift from the Nano community. Many believe Bitgrail’s owner to have exit scammed, taking with him almost 13% of the total circulating supply.

Also read: Russia’s Largest Bank Caught Employees Mining For Crypto

A Big Heist for Tiny Nano

Cryptocurrency Exchange Bitgrail Closes After ‘Losing’ $170 Million of NanoUp until December of last year, nano – then going under the name of raiblocks – was little more than another aspiring altcoin hoping to make it to the big league. Its promise of fast transactions and zero fees had some of the more diligent Twitter traders interested, but even they were astonished by the moon mission XRB suddenly embarked on. At the start of December, 1 XRB could be bought for $0.20. One month later, 1 XRB had soared to $35 after gaining 17,500%, making it 2017’s biggest gainer and putting the likes of bitcoin, litecoin and ripple in the shade.

For most of last year, Bitgrail – the ‘rai’ in its name derived from raiblocks – was one of the only places where XRB could be bought. The exchange was clunky and erratic, like most small crypto exchanges, but it worked. Most of the time. It also supported other cryptocurrencies, but the volume was laughably low. Bitgrail was the place to go for raiblocks and nothing else. 99% of the time, altcoins that begin life on micro-exchanges stay there. But every once in a while, an outlier makes it to the big league. Raiblocks did just that in December, gravitating to larger exchanges and rocketing in price.

Cryptocurrency Exchange Bitgrail Closes After ‘Losing’ $170 Million of Nano
The above tweet is meant to say “XRB”

Bitgrail, previously just another minnow in a sea of competing exchanges, suddenly found itself in the custody of assets worth hundreds of millions of dollars. The temptation to take the money and run may have been too much for the site’s operator to take. It’s unclear at this stage exactly what happened. On January 28, the exchange tweeted: “XRB deposits and withdrawals currently suspended for internal system optimization. Thanks for understanding.” Then, on February 9, it posted the following notice:

Cryptocurrency Exchange Bitgrail Closes After ‘Losing’ $170 Million of Nano

Hack or Exit Scam?

While many users are adamant that Bitgrail has exit scammed, Francesco maintains the site was hacked. It has been alleged that the stolen XRB has been gradually transferred from this Bitgrail wallet to Mercatox and getting dumped for months. There are also rumors that Bitgrail became insolvent following a withdrawal bug that was discovered by some users and then shared in Discord and other chat groups, causing the wallet balance to gradually diminish. One user explained: “There was a bug on Bitgrail where if you placed two orders you got double balance added to your account. You could then withdraw while the orders were up and steal the coins. You had negative balance in the end but you could just make a new account.”

In a statement published on February 9, the Nano team wrote: “We now have sufficient reason to believe that Firano has been misleading the Nano Core Team and the community regarding the solvency of the BitGrail exchange for a significant period of time.” Whatever the truth, Bitgrail users have zero chance of getting their crypto back.

Cryptocurrency Exchange Bitgrail Closes After ‘Losing’ $170 Million of Nano

It’s a suckerpunch for hodlers who’d had the acuity to buy raiblocks when it was dirt cheap and had then seen their little turned into a lot. By mid-December they should have taken their coins off Bitgrail and into a personal wallet, or at least to a more reputable exchange, but that’s easy to say in hindsight. The Nano team have sensibly refused Bitgrail’s entreaties to alter its code to isolate the stolen XRB.

Cryptocurrency Exchange Bitgrail Closes After ‘Losing’ $170 Million of Nano

Only a week ago, Binance added nano to its exchange. In the wake of the Bitgrail incident, Binance’s CEO tweeted “We are in contact with Nano team (re: Bitgrail) and will freeze deposits from identified addresses as we receive them. This is one reason we require coin CEO/founder to submit listing requests. Binance will assist where we can. We need to work together to protect users.” In monetary terms, the $170 million hack is less than half the previous record, set just a fortnight ago, when $400 million of NEM were stolen from Coincheck. But at 12.7% of the total supply, the XRB theft is bigger than NEM and bigger than the the 800,000 BTC that caused the collapse of Mt Gox.

Do you think Bitgrail was hacked or exit scammed? Let us know in the comments section below.


Images courtesy of Shutterstock, Twitter, and Bitgrail.


Keep track of the bitcoin exchange rate in real-time.

The post Cryptocurrency Exchange Bitgrail Suspends Operations After ‘Losing’ $170 Million of Nano appeared first on Bitcoin News.