I’m not sure why this is the case on your system. I did again some tests on my side and didn’t show any such issue.
Obviously you should disable your faucet, and cancel any wrong faucet transactions for bitcoin, so that your users don’t take away all your Bitcoin!
I am looking to see if there is any possibility for users to have hacked the code to claim a different coin, but I don’t see how this could be done.
1. Have you tried claiming from the faucet? Do you get BTC or XNS when you claim?
2. Did all the users who used the faucet get BTC, or did some get BTC, and others XNS?
Let me know please.